Compliance updates for Azure public cloud
We’re adding more certification coverage to our Azure portfolio, so regulated customers can take advantage of new services:
- Microsoft has renewed our Azure Service Organization Controls (SOC) 1 and 2 Reports, expanding service coverage to include 14 new services in SOC, and achieved a SOC 3. New Azure in-scope services include: Scheduler, API Management, Azure Redis Cache, ExpressRoute, Automation, Load Balancer, HDInsight, Premium Storage, SQL Database, Event Hubs, Sync Fabric (Microsoft Azure Active Directory [Azure AD]), Password Single Sign-on (Azure AD), Self-Service Group Management (Azure AD), and Operational Insights.
- Microsoft renewed our Azure Payment Card Industry (PCI) certification, updating PCI Data Security Standard (DSS) 3.0 to PCI DSS 3.1 and expanding service coverage. Services added with this certification include HDInsight, Key Vault, Azure Resource Manager, and Azure Redis Cache.
- Microsoft has achieved Japan Cloud Security Gold Mark (CS Gold Mark) accreditation by Japan Information Security Audit Association (JASA). The scope includes all layers (IaaS, PaaS, and SaaS) with Azure and Office 365 and all regions operated by Microsoft that have achieved SOC 2 Type 2. CS Gold Mark is a standard based on ISO/IEC 27017.