Does Your Cloud Service Set the Highest, Global Standard for Security?

At Microsoft, we know that interactions between people bridge country and corporate borders thousands of times each day, and that for many businesses, transactions occur in-country only. Since business data is an asset which is sensitive to employees, business operations, customers, and partners, we ensure our customers’ data is secure wherever it is in the world. Through our work with governments and organizations, we understand the importance of adhering to a range of international standards, regulations and contractual clauses.

Keeping current regarding the many laws, standards and requirements affecting cross-border data security and data transfer is challenging, and international regulations for data security are often more restrictive than those followed by US-based firms doing business domestically.

With a large potential scope of considerations for both domestic and cross-border data protection and compliance, what certifications should you be aware of as you begin to leverage cloud productivity tools? Knowing that two standards are particularly important in addressing data transfer for businesses using cloud services, Microsoft became the first major cloud productivity service to 

Google carries neither distinction for its cloud services.

ISO 27001 Certification
Recognizing its significance to customers as a security benchmark which is also important for data transfers, both cross-border and domestic, Microsoft built Office 365 to adhere to the International Standards Organization’s (ISO’s) 27000 family of standards. ISO 27001’s broad scope and wide recognition combine to make it a very rigorous certification. The family of standards covers privacy, confidentiality and technical security issues, and addresses established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.

ISO 27001/27002 outlines hundreds of potential controls and control mechanisms. In addition, ISO 27001/27002 specifies a management system to bring information security under explicit controls. In certifying Office 365 for ISO 27001, Microsoft has implemented a high level of physical, logical, process and management security controls for the cloud suite, which the internationally recognized ISO verifies independently each year.

European Union (EU) Model Clauses
The EU Model Clauses help customers certify compliance with the European Commission's Data Protection Directive. Microsoft incorporates the EU Model Clauses into individual agreements that it holds with its Office 365 customers. These clauses require that data transferred internationally meet a high security bar, and that data is safeguarded, even if it resides outside of Europe.

It is important for companies doing business in Europe to have these clauses in place, as European regulators have the option to block use of a service that potentially doesn’t meet the EU's Data Protection Directive, until regulators can determine if the service is compliant. Blocking access to a cloud productivity service that an organization uses daily could be catastrophic. Partly through compliance with the EU Model Clauses, Microsoft Office 365 has a more complete approach to European data protection and security laws than any other cloud services vendor.

US Health Insurance Portability and Accountability Act
Office 365 is compliant with the US-mandated Health Insurance Portability and Accountability Act (HIPAA). Due to this compliance, health organizations using Office 365 can more confidently implement document sharing, and technologies for tools such as paging, IM and video conferencing, while employees access information from any secure device. At the same time, these organizations can substantially lower their IT operating costs.

The American Institute of Certified Public Accountants (AICPA) designed SAS/SSAE as a way to audit and document the design and effectiveness of security control systems. SAS/SSAE includes a review of the organization’s own processes and an auditor’s opinion of how well they are working.

It can be confusing to follow this audit report. Regarding SAS/SSAE, a US firm specializing in regulatory requirements states: “The term ‘system’ and its description can carry a number of meanings and may well be interpreted slightly differently among service organizations having to comply with SSAE 16.” SAS/SSAE doesn’t impose a checklist of security requirements to follow as ISO 27001 does, and SAS does not point out that the enterprise’s security control system is important to review, as ISO not only points out, but audits.

While Microsoft also supports customers by adhering to the SSAE 16 Type 1 audit of Office 365, Google actively touts an audit report which is not as directly relevant to cloud security as ISO 27001 is, misleading customers to perceive SSAE 16 as being a certification, or a standard, rather than an audit report. SSAE 16 is a list of an organization’s self-stated controls which incorporates how well the organization follows the list. Also, since conformance can vary, parts of an organization may choose to follow a low-quality, short list of controls, with a lesser impact on the organization’s overall data security.

The Office 365 Trust Center
For businesses large and small, I know that

  • It is important to rely on a privacy-protecting service which incorporates international standards governing how data is secured.
  • Microsoft is committed to high standards in delivering cloud productivity services, and is committed to security, privacy and transparency in handling your data.

The Office 365 Trust Center describes how Microsoft manages Office 365 data, includes background information on the standards we’ve discussed, and cites additional certifications that Microsoft holds for both Office 365 and its data centers, such as EU Safe Harbor and FISMA. It is an excellent resource for customers in assessing the service’s compliance with standards important to their organization.

If you could choose Office 365, which meets

  • several standards plus the EU Model Clauses, and
  • an international standard with strict guidelines for security, and with certification that they are both followed and audited;

or select Google Apps, a service that

  • simply adheres to an SSAE audit of how well the service provider followed their own internal security controls for the US,

then which would you choose?

