Microsoft Azure becomes the first global cloud service provider to receive the Spain Esquema Nacional de Seguridad (National Security Framework) certification at high level security measures. Trans-Atlantic data transfer is an important topic for our customers, and complying with Spain’s National Security Framework demonstrates how Microsoft implements security controls and enforces data privacy.

The ENS framework was established by the Spanish government for both agencies and service providers to build trust in the provision of electronic services, and to protect the confidentiality, availability, and integrity of information and information systems. The framework encompasses security governance, information security, physical security, personnel security and other guidelines to enable compliance with security and privacy standards from Spain and EU.

After rigorous assessments conducted by auditors, Microsoft Azure was shown to comply with high level security measures established on the Royal Decree 3/2010, of January 8th, which regulates the National Security Framework within the e-government initiative. The certified scope includes all Azure regions operated by Microsoft. Implemented Microsoft cloud security policy, procedures and controls protect customer data and meet Spain and EU standards.

If you are interested in learning more about this great achievement, you can review the certificate and audit report through the Service Trust Portal (STP). Additionally, for general information about Microsoft’s Spain ENS compliance effort, please check out the Microsoft Trust Center.