Azure Data Catalog is ISO, CSA STAR, HIPAA, EU Model Clauses compliant
Azure Data Catalog is now ISO/IEC 27001, ISO/IEC 27018, Health Insurance Portability and Accountability Act (HIPAA), Cloud Security Alliance (CSA) STAR, and European Union (EU) Model Clauses compliant.
- ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS) that is intended to bring information security under explicit management control.
- ISO/IEC 27018 is an addendum to ISO/IEC 27001. Based on EU data-protection laws, it gives specific guidance to cloud service providers (CSPs) acting as processors of personally identifiable information (PII) on assessing risks and implementing state-of-the-art controls for protecting PII.
- HIPAA is a US healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities with access to patients’ protected health information (PHI), as well as to business associates, such as cloud service and IT providers, that process PHI on their behalf.
- CSA STAR Certification involves a rigorous independent third-party assessment of a cloud provider’s security posture. This STAR certification is based on achieving ISO/IEC 27001 certification and meeting criteria specified in the CSA Cloud Controls Matrix (CCM). It demonstrates that a cloud service provider conforms to the applicable requirements of ISO/IEC 27001, has addressed issues critical to cloud security as outlined in the CCM, and has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas.
- EU Model Clauses are standardized contractual clauses used in agreements between service providers (such as Microsoft) and their customers to ensure that any personal data leaving the European Economic Area (EEA) will be transferred in compliance with EU data-protection law and meet the requirements of the EU Data Protection Directive 95/46/EC.
For additional information, please visit the Microsoft Trust Center website.