Building upon existing certifications Azure has for the Financial Services Industry, today I’m happy to announce the addition of two more assessments supporting Financial Services plus a detailed set of Payment Card Industry Data Security Standard (PCI DSS) guidance describing Azure and customer shared responsibilities.
Along with PCI DSS Level 1 validation and the Center for Financial Industry Information Systems (FISC) assessment, Azure has added two additional assessment milestones supporting Financial Services customers: European Network and Information Security Agency (ENISA) Information Assurance Framework (IAF) and the Shared Assessments Program (formerly known as BITS Shared Assessments).
ENISA IAF – Microsoft Azure now supports customer adoption of the ENISA IAF, which includes a set of topics and questions organizations should review with cloud providers to ensure they have sufficient protections in place around customer data.
Shared Assessments Program – Microsoft Azure now aligns to the Program’s Standard Information Gathering (SIG) questionnaire and the Agreed Upon Procedures (AUP), which customers can use to assess and verify Azure’s IT, privacy and data security controls. The Shared Assessments Program is used by many commercial, retail and investment banks around the world as a proxy for managing their vendor risk assessment process.
This development increases the number of compliance programs supported by Azure to 30, the most in the industry, including those important to our Financial Services customers. Additionally, we now have available a set of PCI guidance detailing the shared responsibilities between Azure and our customers for a select set of Azure services. The guidance specifies areas where customers must ensure they implement proper security measures to safeguard their Azure environments and customer data.
And finally, as further demonstration of Azure’s support to this highly regulated sector, financial institutions can join the Financial Services Compliance Program. This program provides increased transparency into Azure’s compliance processes, helping to address strict regulatory requirements and enabling Financial Services customers to leverage cloud for their business.
Financial Services Compliance Program
This optional program, built for large financial institutions, provides more access to Azure resources and compliance documentation. Program participants are invited to an exclusive compliance summit at Microsoft Headquarters where they have the opportunity to engage directly with Azure engineering leadership, subject matter experts and Azure’s third-party auditors. Customers gain access to Azure’s penetration test results and enhanced engagement with Microsoft’s threat intelligence teams, along with the ability to influence future additions to Azure’s audit scope. And lastly, Microsoft will support customers’ engagement with regulators including contractual commitments to gather additional information from Microsoft engineering teams.
For customers who use multiple Microsoft cloud services in addition to Azure, this program provides similar support for Microsoft Office 365, Microsoft Intune and Microsoft Dynamics CRM Online. Customers can also access video guidance on the Financial Services Compliance Program.
Revolutionize How Business Is Done
With Azure’s alignment to the ENISA IAF and Shared Assessments Program, the PCI shared responsibilities guidance, and the additional features provided through the Financial Services Compliance Program, Financial Services customers have the information necessary to help meet their unique regulatory requirements. Leveraging this information, firms can now grow their business by utilizing Azure to create new, agile business models. For more information, please contact your Microsoft Account Representative.