Logic Apps is ISO, HIPAA, CSA STAR, PCI DSS, SOC, and EU Model Clauses compliant
Posted on Tuesday, July 18, 2017
The Logic Apps feature of Azure App Service is now ISO/IEC 27001, ISO/IEC 27018, Health Insurance Portability and Accountability Act (HIPAA), Cloud Security Alliance (CSA) STAR, Payment Card Industry Data Security Standards (PCI DSS), Service Organization Controls (SOC 1 Type 2, SOC 2 Type 2, SOC 3), and European Union (EU) Model Clauses compliant.
- ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS) that is intended to bring information security under explicit management control.
- ISO/IEC 27018 is an addendum to ISO/IEC 27001. Based on EU data-protection laws, it gives specific guidance to cloud service providers (CSPs) that are acting as processors of personally identifiable information (PII) on assessing risks and implementing state-of-the-art controls for protecting PII.
- HIPAA is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information.
- CSA STAR Certification involves a rigorous independent third-party assessment of a cloud provider’s security posture. This STAR certification is based on achieving ISO/IEC 27001 certification and meeting criteria specified in the CSA Cloud Controls Matrix (CCM).
- PCI DSS is a global information security standard designed to prevent fraud through increased control of credit card data.
- A SOC 1 audit, intended for CPA firms that audit financial statements, evaluates the effectiveness of a CSP’s internal controls that affect the financial reports of a customer who is using the provider’s cloud services. A SOC 2 audit gauges the effectiveness of a CSP’s system based on the AICPA Trust Service Principles and Criteria. An Attest Engagement under Attestation Standards (AT) Section 101 is the basis of SOC 2 and SOC 3 reports.
- EU Model Clauses are standardized contractual clauses used in agreements between service providers (such as Microsoft) and their customers to ensure that any personal data leaving the European Economic Area (EEA) will be transferred in compliance with EU data-protection law and meet the requirements of the EU Data Protection Directive 95/46/EC.
For additional information, please visit the Microsoft Trust Center website.