
ISO/IEC 27001:2013 Information Security Management Standards

Azure | Commercial Support | Dynamics 365 | Dynamics 365 U.S. Government | Intune | Office 365 | Office 365 U.S. Government | Office 365 U.S. Government Defense | Power BI | Visual Studio Team Services

The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world's largest developer of voluntary international standards. The International Electrotechnical Commission (IEC) is the world's leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies. Published under the joint ISO/IEC subcommittee, the ISO/IEC 27000 family of standards outlines hundreds of controls and control mechanisms to help organizations of all types and sizes keep information assets secure. These global standards provide a framework for policies and procedures that include all legal, physical, and technical controls involved in an organization's information risk management processes.

ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS) that is intended to bring information security under explicit management control. As a formal specification, it mandates requirements that define how to implement, monitor, maintain, and continually improve the ISMS. It also prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures. Certification to ISO/IEC 27001 helps organizations comply with numerous regulatory and legal requirements that relate to the security of information.

The international acceptance and applicability of ISO/IEC 27001 is a key reason why certification to this standard is a foundation of Microsoft's approach to information security. In 2009, the company received its first ISO/IEC 27001 certification for Microsoft Cloud Infrastructure and Operations (formerly Global Foundation Services), which provides datacenters and networking for Microsoft cloud services. Currently, Microsoft's cloud infrastructure and services are audited once a year for ISO/IEC 27001 compliance by the British Standards Institution (BSI), an accredited certification body, providing independent validation that Microsoft has implemented security controls end to end.

Helpful information

Audit cycle
BSI audits Microsoft cloud services and Commercial Support once a year.

The ISO/IEC 27000 Directory
www.27000.org/index.htm

ISO/IEC 27001:2013 standard (for purchase)
aka.ms/Iso-catalogue

Compliance certificates
Azure and Power BI: aka.ms/Azure-BSI-Cert
Commercial Support: aka.ms/CS-BSI-cert
Dynamics 365: aka.ms/Dynamics-CRM-Online-Cert
Office 365: aka.ms/Office365-Cert
Visual Studio Team Services: aka.ms/VSTS-BSI-cert

Microsoft Sets a High Bar for Information Security (BSI case study)
pages.bsigroup.com/l/73472/2015-07-24/v9btr

Microsoft Common Controls Hub Compliance Framework
aka.ms/MCCH

Microsoft Online Services Terms
aka.ms/Online-Services-Terms

Microsoft Cloud for Government
aka.ms/govt-cloud

Microsoft Trust Center
www.microsoft.com/trustcenter

Frequently asked questions

Why is Microsoft compliance with ISO/IEC 27001 important?

Compliance with these standards, confirmed by an accredited auditor, demonstrates that Microsoft uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its services. The certificate validates that Microsoft has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.
Where can I get the ISO/IEC 27001 audit reports and scope statements for Microsoft services?

The Service Trust Portal (aka.ms/STPhelp) provides independently audited compliance reports. You can use the portal to request reports so that your auditors can compare Microsoft's cloud services results with your own legal and regulatory requirements.

Which services are in scope for ISO/IEC 27001?

Covered services include:

Microsoft Azure: API Management, App Service: Mobile Apps, App Service: Web Apps, Application Gateway, Automation, Azure Active Directory, Azure IoT Hub, Backup, Batch, BizTalk Services, Cloud Services, Data Catalog, Data Factory, Document DB, Event Hubs, ExpressRoute, HDInsight, Key Vault, Load Balancer, Log Analytics (formerly Operational Insights), Machine Learning, Media Services, Multi-Factor Authentication, Notification Hubs, Portal, Redis Cache, RemoteApp, Rights Management, Scheduler, Service Bus, Service Fabric, Site Recovery, SQL Database, Storage, Storage Premium, StorSimple, Stream Analytics, Traffic Manager, Virtual Machines, Virtual Network, and VPN Gateway.

Microsoft Commercial Support: Premier and On Premises for Azure, Dynamics 365, Intune, and for Medium Business and Enterprise customers of Office 365.

Microsoft Dynamics 365 and Microsoft Dynamics 365 U.S. Government. For a current list of services, visit aka.ms/d365-compliance-list.

Microsoft Intune.

Microsoft Office 365 and Microsoft Office 365 U.S. Government. For a current list of services, visit aka.ms/o365-compliance-framework.

Microsoft Office 365 U.S. Government Defense.

Microsoft Power BI cloud service, either as a standalone service or as included in an Office 365 branded plan or suite.

Visual Studio Team Services.


Where can I get more information about the compliance of Microsoft services with ISO 27001?

13 Effective Azure Security Controls for ISO 27001 Compliance white paper
aka.ms/13SecurityControlsforISO27001Compliance

Visual Studio Team Services Data Protection Overview white paper
aka.ms/VSTS-security-overview

Does Microsoft run annual tests for infrastructure failures?

Yes. The annual ISO/IEC 27001 certification process for the Microsoft Cloud Infrastructure and Operations group includes an audit for operational resiliency. To preview the latest certificate, click ISO/IEC 27001:2013 certificate for Microsoft Cloud Infrastructure and Operations.

Where do I start my organization's own ISO/IEC 27001 compliance effort?

As a starting point, consult the ISO/IEC 27000 Directory.

Can I leverage the ISO/IEC 27001 compliance of Microsoft services in my organization's certification?

Yes. If your business requires ISO/IEC 27001 certification for implementations deployed on Microsoft services, you can use the applicable certification in your compliance assessment. You are responsible, however, for engaging an assessor to evaluate the controls and processes within your own organization and your implementation for ISO/IEC 27001 compliance.

January 2017
