I’m excited to announce the release of our first Azure Blueprint built specifically for a compliance standard, the ISO 27001 Shared Services blueprint sample which maps a set of foundational Azure infrastructure, such as virtual networks and policies, to specific ISO controls.
Microsoft Azure leads the industry with over 90 compliance offerings. Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, PCI, SOC 1 and SOC 2, as well as country-specific standards, including FedRAMP and other NIST 800-53 derived standards, Australia IRAP, UK G-Cloud, and Singapore MTCS. Many of our customers have expressed their interest in being able to leverage and build upon our internal compliance practices for their environments with a service that maps compliance settings automatically.
To help our customers simplify the creation of their environments in Azure while successfully interpreting US and international governance requirements, we are announcing a series of built-in Blueprints Architectures that can be leveraged during your cloud-adoption journey. Azure Blueprints is a free service that helps customers deploy and update cloud environments in a repeatable manner using composable artifacts such as policies, deployment templates, and role-based access controls. This service is built to help customers set up governed Azure environments and can scale to support production implementations for large-scale migrations.
The ISO 27001 Shared Services Blueprint is already available to your Azure tenant. Simply navigate to the Blueprints page, click “Create blueprint”, and choose the ISO27001 Shared Services blueprint from the list.
The ISO 27001 blueprint is designed to help you deploy production ready, secure end-to-end solutions in one click and includes:
- Hardened infrastructure resources: Azure Resource Manager templates are used to automatically deploy the components of the architecture into Azure by specifying configuration parameters during setup. The infrastructure components include Azure Firewall, Active Directory, Key Vault, Azure Monitor, Log Analytics, Virtual Networks with subnets, Network Security Groups, and Role Based Access Control definitions. Additionally, these resources can be locked by Blueprints as a security measure to protect the consistency of the defined blueprint and the environment it was designed to create.
- Policy controls: Set of Azure policies that help provide real-time enforcement, compliance assessment, and remediation.
- Proven virtual datacenter architectures: The infrastructure resources provided are based on the Microsoft approved virtual datacenter (VDC) architectures which take into consideration scale, performance, security, and governance.
- Security and compliance controls: You still benefit from all the controls for which Microsoft is responsible as your cloud provider, and now this blueprint helps you configure a number of the remaining controls to meet ISO 27001 requirements.
- Documentation: Step by step deployment guide outlining the shared services infrastructure and the policy control mapping matrix.
- Migration runway: Provides a prescriptive set of instructions for deploying an Azure recommended foundation to accelerate migrations via the Azure migration center.
At Microsoft, we are committed to helping our customers leverage Azure in a secure and compliant manner. Over the next few months you will continue to see new built-in blueprints released for HITRUST, PCI DSS, UK National Health Service (NHS) Information Governance (IG) Toolkit, FedRAMP, and Center for Internet Security (CIS) Benchmark. If you would like to participate in any early previews please sign up, or if have a suggestion for a compliance blueprint, please share it via the Azure Governance Feedback Forum.
Learn more about the Azure ISO 27001 Blueprints.