Windows Azure Certification: PCI DSS Compliance and ISO Extension

We are pleased to announce that the Windows Azure platform has passed the necessary independent checks for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) standards . The certificate of compliance was issued by an independent certified expert (Qualified Security Assessor, QSA) as a result of an audit of Windows Azure for compliance with PCI DSS 2.0 Level 1 security standards. To inform customers about certification, the relevant Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide documents are published on the official portal and are available for download.

What is PCI DSS?
Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard designed to prevent misuse of credit cards by increasing control over card data. PCI certification is a requirement for all organizations (merchants or payment service providers) that process credit card transactions.

As a cloud provider, Windows Azure does not directly control the environment of cardholders and, therefore, does not fall under the mandatory PCI certification. However, the Windows Azure platform has been tested and approved by an independent certified expert as a platform offering a secure environment for merchants who can use it to certify PCI on it for their own solutions.

What Windows Azure services are we talking about?
Windows Azure Information Security Management System (ISMS) including infrastructure, development, operations, and support for computing, data storage, application services, and network services are included in the PCI DSS compliance assessment. This list includes all the services listed on the official portal http://www.windowsazure.com/ . The following Windows Azure data centers are included in compliance certification: Asia Pacific East (Hong Kong), Asia Pacific Southeast (Singapore), Europe North (Ireland), Europe West (Netherlands), US North Central (Illinois), US South Central (Texas), US East (Virginia) and US West (California).
')

ISO certification renewal

Another good news is the successful completion of the next annual audit of ISO / IEC 27001 Information Security . This time, in addition to auditing the Windows Azure cloud services (Cloud Services), storage (storage), virtual machines and virtual networks, the following services were audited: SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication and HDInsight (Hadoop as a service). ISO compliance includes an audit of the information security management system, infrastructure, development, operations and support.

Trust Center: Certificates and Windows Azure Compliance

Visit the dedicated official Trust Center portal to learn about all certifications and compliance with the standards and requirements of the Windows Azure cloud platform.

The list of certifications and conformities today includes:

• ISO / IEC 27001: 2005 Audit and Certification
• SOC 1 and SOC 2 SSAE 16 / ISAE 3402 Attestations
• Cloud Security Alliance Cloud Controls Matrix
• Federal Risk and Authorization Management Program (FedRAMP)
• Payment Card Industry (PCI) Data Security Standards (DSS) Level 1
• United Kingdom G-Cloud Impact Level 2 Accreditation
• HIPAA Business Associate Agreement (BAA)

Soon, you can count on updating and expanding this list, including in the form of incorporating the latest platform services into existing certifications.

For the Russian audience, the issue of personal data processing within the cloud platform may be interesting, materials on this can be found on this page of the portal http://azurehub.ru and in this report of the Cloud OS Summit 2013 conference.