Responding to customers’ need for speed, Microsoft Azure has published six new Service Organization Control (SOC) reports, just three months after the previously issued reports. Azure is the first and only enterprise cloud provider to support quarterly SOC reports.
A quarterly publishing cadence allows customers to more frequently receive current reports which address their compliance obligations for new services as they become available. In addition, a customer’s need to rely upon CSP-issued bridge letters is reduced dramatically.
Azure provides the deepest and most comprehensive compliance coverage in the industry and the latest SOC reports have the largest scope for a cloud provider in terms of services covered, and regions and locations included. Our SOC reports assess three unique cloud environments: Azure, Azure Government, and Azure Germany.
Microsoft has issued a SOC 1 Type 2 report according to the latest AICPA SSAE 18 standard, as well as a SOC 2 Type 2 report relevant to the security, availability, confidentiality and processing integrity trust principles. In addition, the SOC 2 Type 2 report includes an additional attestation based on the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM). The Azure Germany SOC 2 Type 2 report also includes the Cloud Computing Compliance Controls Catalog (C5) attestation designed for cloud providers to demonstrate sound security practices.
Highlights of the SOC reports:
- 6 total SOC reports published on August 7 that include:
- Azure and Azure Government SOC 1/2/3
- Azure Germany SOC 1/2/3
- 63 customer-facing offerings included
- New services added: Azure Container Registry, Azure Database for PostgreSQL, Azure Database for MySQL, Azure Analysis Services, Azure Security Center, and Microsoft Stream.
Learn more about Azure compliance offerings, and download the latest SOC reports at the Microsoft Azure Trust Center.
See https://azure.microsoft.com/en-us/regions/ for more on Azure regions, including those coming soon.