Prominence of Compliance
Compliance is very essential in any organization, as it benefits to construct trust with your customer base. Complying with federal laws will reassure your customers that you care about them by keeping their data safe. While lawsuits or fines will calumniate your reputation, a record of compliance will bestow, you are managing a trustworthy service.
Compliance will benefit your organization in many ways. It helps you to evade legal risks. If your organization is not compliant, there are higher chances that the lawsuits and settlements can effortlessly fetch your millions of dollars, which would sum up penalties and other compensatory payments as well. While being compliant aids you to defeat your legal risks and avoid any future costs. It dodges the sales drop of your business by succeeding these law disagreements.
Microsoft Azure and Compliance
Microsoft Azure offers very diverse compliance to help the customers meet their obligations across the regulated industries and the markets worldwide. Azure maintains the broadest compliance portfolio in the industry both in terms of breadth (total number of offerings), as well as depth (number of customer-facing services in assessment scope).
Azure helps the customers meet their own compliance requirements, by following a variety of documents, ranging from independent third-party assessments to guidance documentation produced by Microsoft.
Microsoft Azure has classified the entire compliance in four categories namely- Global, Government, Industry, Regional. Let’s walk through them in brief.
Global
Compliance offerings included in this section have global applicability across regulated industries and markets. They can often be relied upon by customers when addressing specific industry and regional compliance obligations. For example, ISO 27001 certification provides a baseline set of requirements for many other international standards and regulations.
Below is the list of the Globally accepted Compliance-
- CIS Benchmark
- CSA-STAR-Attestation
- CSA-Star-Certification
- CSA-STAR-Self-Assessment
Government
Government compliance offerings are focused primarily on addressing the needs of the US Government. They Primarily aim at safeguarding the customer data. Azure Government grants additional controls regarding the US Government specific background screening demands. It includes maintaining US persons for Azure Government operations. Azure Government for DoD is reserved for exclusive use by the Department of Defence.
- DoD DISA L2, L4, L5
- FedRAMP
- FIPS 140-2
- NIST 800-171
Industry
The following compliance offerings are meant to address the needs of customers subject to various industry-specific regulations such as those in financial services, healthcare and life sciences, media and entertainment, education, etc.
- FDA CFR Title 21 Part 11
- HDS (France)
- HIPAA/HITECH
- HITRUST
Regional
The following compliance offerings are specific to various regional and country laws and regulations. Some of these offerings are based on independent third-party certifications and attestations, whereas others provide contract clauses and guidance documentation to help customers meet their own compliance obligations.
- GDPR (EU)
- IT Grundschutz Workbook (Germany)
- LOPD (Spain)
- MeitY (India)
Compliance Tools and Guidance
Microsoft Azure provides various tools and guidance for the customers to implement the compliance controls for their infrastructure. Below are the Microsoft Azure compliance tools, that would help us to fix the weakened security flaws.
Microsoft Trust Center
The Microsoft Trust Center is your resource for learning how we implement and support security, privacy, compliance, and transparency in all our cloud products and services. The Trust Center features a comprehensive set of compliance offerings of all current certifications, attestations, and other compliance offerings.
https://www.microsoft.com/en-us/trust-center/product-overview
Service Trust Center
The Service Trust Portal contains additional guidance and tools to help meet your security, compliance, and privacy needs when using Azure and other Microsoft Cloud services, including audit reports, Azure Security and Compliance Blueprints, and trust documents to help you understand cloud features, and to verify technical compliance and control requirements.
https://servicetrust.microsoft.com/
Microsoft Compliance Manager
Microsoft provides Compliance Manager to help you track, assign, and verify regulatory compliance activities. It combines detailed information provided by Microsoft to auditors and regulators as part of third-party audits of Microsoft cloud services against various standards and information that Microsoft compiles internally for its compliance with regulations with standards and regulations. Compliance Manager also produces detailed reports in Microsoft Excel that document the compliance activities performed by Microsoft and your organization, which can be provided to auditors, regulators, and other compliance stakeholders.
https://docs.microsoft.com/en-us/office365/securitycompliance/compliance-manager-overview
Azure Security and Compliance Blueprints
Azure Security and Compliance Blueprints assist you in building and launching cloud powered applications that help you comply with certain regulations and standards. These blueprints make it clear which security controls Microsoft implements on your behalf when you build on Azure, and they show you how to implement the customer responsible security controls.
Blueprints increase deployment efficiency and can help simplify compliance and help you understand the division of responsibility for security in the cloud. Microsoft business products and cloud services are built to international and industry-specific standards. Blueprints further enable security through configuration settings and tools that allow you to implement a secure and compliant solution.
Blueprints include:
• Industry-specific overview and guidance.
• Customer responsibilities matrix.
• Reference architectures with threat models.
• Control implementation matrices.
• Automation to deploy reference architectures.
https://docs.microsoft.com/en-us/azure/governance/blueprints/over
