Resource search results
This document is intended for Azure customers who are considering deploying applications subject to SOX compliance obligations. It provides customer guidance based on existing Azure audit reports, as well as lessons learned from migrating internal Microsoft SOX-relevant applications to Azure.
This document explains the following aspects of Azure Active Directory:
• Azure AD Components: What the different components of Azure AD are. This will help you to understand the later sections of the document.
• Core Data and Location: What customer data is used by Azure AD and where it is located.
• Data Protection: How the directory data is protected in transit and at rest.
• Data Flow: How data from various sources, such as on-premises directories and applications, flows to and from Azure AD.
• Data and Operations: What data and operational procedures are used by the Azure AD engineering team to manage the service.
The target audience of this document is enterprise security evaluators, identity and access management (IAM) architects, policy makers and regulators, as well as customers with compliance requirements or regulated environments.
The goal of this GxP guidelines document is to provide life sciences organizations with a comprehensive toolset for using Microsoft Azure while adhering to industry best practices and applicable regulations. It identifies the shared responsibilities between Microsoft and its life sciences customers for meeting regulatory requirements, such as FDA 21 CFR Part 11 Electronic Records, Electronic Signatures (21 CFR Part 11), and EudraLex Volume 4 – Annex 11 Computerised Systems (Annex 11).
Deploying Microsoft Azure solutions can give educational organizations a method of focusing on their core business—education—while maintaining cost-effective IT services in a more secure FERPA-compliant environment. However, it is important for educational organizations to understand their unique threat environment so that they can see what they need to deploy onsite and how it meshes with what Microsoft Azure provides in the cloud. Using the shared responsibility strategy, Microsoft can help assure the protection of student data and FERPA compliance. This paper will be most helpful to those in educational organizations who need guidance and best practices in designing secure solutions on Azure.
Microsoft Azure - Response to NZ GCIO Cloud Computing Information Security & Privacy Considerations. In 2014 the NZ Government Chief Information Officer published a due diligence framework for agencies to use in evaluating cloud computing services.
This document is meant to provide customers who must address and comply with the SEC’s Regulation Systems Compliance and Integrity (SCI) with an overview of the Microsoft Azure features and services available to them to help enable their success and compliance. The U.S. SEC adopted Regulation SCI and Form SCI in November 2014 to strengthen the technology infrastructure of the U.S. securities markets. Regulation SCI is designed to reduce the frequency of system incidents, improve resiliency when incidents do occur, and increase the SEC's oversight and enforcement of securities market technology infrastructure.
This paper addresses common security and isolation concerns pertinent to the electric power industry. It also discusses compliance considerations for data and workloads deployed to Azure or Azure Government that are subject to the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.
Many corporations and public agencies are looking for an easy path from their existing mainframe applications to the cloud. Mainframe online transaction processing (OLTP) systems still work, which is why they remain in use across the Fortune 500. But today’s organizations want the benefits of cloud computing. This guide by Larry Mead and Azure Global Engineering shows how the path to the cloud often starts with a mainframe's transaction processing (TP) monitor. This guide tells you how to use TP monitor emulation software on Azure to run even the most complex CICS applications in the cloud. The emulation environment creates all the interfaces that the application expects to see, so it can run unchanged from within a virtual machine (VM) on Azure. Several vendors offer TP monitoring emulators that meet different requirements. This guide can help you ask the right questions.
Moving to a cloud platform completely changed the cost and use model for the federal agency profiled in this use case. The agency worked with Infinite Corporation, a Microsoft Preferred Partner that provides a toolset specifically designed to make it easy to move AS/400 applications written in RPG, COBOL, and CL to Azure. Like many organizations, whether private or public sector, the agency looked to cloud computing to improve application scalability and availability while easing its hardware management burden. Also on the wish list was a modern application interface—it was long past time to retire the green screens—and a more standard database for reporting and analysis. This white paper discusses their journey. Using the Infinite i development and production environment on Azure, the agency is now running its legacy workload with a modern SQL Server database and web-based graphical screens.
As adoption of cloud computing becomes more prevalent in the financial services industry, the topic of concentration risk has consistently been a source of interest and, candidly, some confusion in discussions with regulators and customers concerning outsourcing, including use of cloud services. Due to a lack of clarity on these issues, financial institutions may conclude that a risk-averse posture dictates that a multi-cloud strategy must be adopted. No regulatory guidance mandates a multi-cloud strategy. Rather, as with all forms of outsourcing, concentration risk is one of many risks that must be assessed, and customers must develop governance and have assurance plans in place to mitigate and manage such risks when using cloud services. Risk and procurement officers at financial institutions need to respond to regulation and ensure their decisions are optimized against meaningful risk without holding their individual institution back from the opportunity these technologies offer. This paper provides information on steps to assess and mitigate against relevant classifications of risk and, at the same time, implement approaches without the need to adopt a multi-sourcing strategy, which has its own risks and drawbacks.