• 1 min read

Quarterly Microsoft Azure SOC reports: Compliance at warp speed

Responding to customers’ need for speed, Microsoft Azure has published six new Service Organization Control (SOC) reports, just three months after the previously issued reports. Azure is the first and only enterprise cloud provider to support quarterly SOC reports.

imageResponding to customers’ need for speed, Microsoft Azure has published six new Service Organization Control (SOC) reports, just three months after the previously issued reports. Azure is the first and only enterprise cloud provider to support quarterly SOC reports.

A quarterly publishing cadence allows customers to more frequently receive current reports which address their compliance obligations for new services as they become available. In addition, a customer’s need to rely upon CSP-issued bridge letters is reduced dramatically.

Azure provides the deepest and most comprehensive compliance coverage in the industry and the latest SOC reports have the largest scope for a cloud provider in terms of services covered, and regions and locations included. Our SOC reports assess three unique cloud environments: Azure, Azure Government, and Azure Germany.

Microsoft has issued a SOC 1 Type 2 report according to the latest AICPA SSAE 18 standard, as well as a SOC 2 Type 2 report relevant to the security, availability, confidentiality and processing integrity trust principles. In addition, the SOC 2 Type 2 report includes an additional attestation based on the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM). The Azure Germany SOC 2 Type 2 report also includes the Cloud Computing Compliance Controls Catalog (C5) attestation designed for cloud providers to demonstrate sound security practices.

image

Highlights of the SOC reports:

Learn more about Azure compliance offerings, and download the latest SOC reports at the Microsoft Azure Trust Center.

See https://azure.microsoft.com/en-us/regions/ for more on Azure regions, including those coming soon.