On November 29, 2011, Windows Azure obtained ISO 27001 certification for its core services following a successful audit by the British Standards Institute (BSI). You can view details of the ISO certificate here, which lists the scope as: “The Information Security Management System for Microsoft Windows Azure including development, operations and support for the compute, storage (XStore), virtual network and virtual machine services, in accordance with Windows Azure ISMS statement of applicability dated September 28, 2011. The ISMS meets the criteria of ISO/IEC 27001:2005 ISMS requirements Standard.”
The ISO certification covers the following Windows Azure features:
- Compute (includes Web and Worker roles)
- Storage (includes Blobs, Queues, and Tables)
- Virtual Machine (includes the VM role)
- Virtual Network (includes Traffic Manager and Connect)
Included in the above are Windows Azure service management features and the Windows Azure Management Portal, as well as the information management systems used to monitor, operate, and update these services.
In our next phase, we will pursue certification for the remaining features of Windows Azure, including SQL Azure, Service Bus, Access Control, Caching, and the Content Delivery Network (CDN).
Microsoft’s Global Foundation Services division has a separate ISO 27001 certification for the data centers in which Windows Azure is hosted.