Microsoft Compliance Offerings
National Institute of Standards and Technology (NIST)
- NIST maintains measurement standards and guidance to help organizations assess risk.
- NIST releases a Framework for Improving Critical Infrastructure Cybersecurity (FICIC) to strengthen the cybersecurity of federal networks and critical infrastructures.
- The NIST Cybersecurity Framework (CSF) consists of standards, guidelines, and best practices to manage cybersecurity-related risks.
- Quickly build NIST CSF solutions on Azure using the Azure Security and Compliance NIST CSF Blueprint.
General Data Protection Regulation (GDPR)
- GDPR establishes new rules for organizations that offer goods and services to citizens in the European Union.
- It also applies to organizations that collect and analyze data of EU residents. The GDPR applies no matter where your company is located.
- GDPR grants individuals certain rights to manage the personal data gathered by an organization through a Data Subject Request (DSR).
- GDPR requires an organization to provide timely information on DSRs and data breaches, and to conduct data protection impact assessments (DPIAs).
International Organization for Standardization (ISO)
- ISO provides international standards to safeguard consumers and end-users of products and services.
- The International Electrotechnical Commission (IEC) is an organization that prepares and publishes international standards for electrical, electronic, and related technologies.
- ISO/IEC 27001 is an information security management standard designed to bring information security under explicit management control.
- If a company has been granted an ISO certification, it means that it has established standards and general principles in the initiation, implementation, maintenance, and improvement of information security management.
- You can use the Service Trust Portal to provide audited compliance reports.