Describe how Microsoft supports data residency to ensure regulatory compliance – Describe the Trust, Privacy, Risk, and Compliance Solutions of Microsoft 365

Describe how Microsoft supports data residency to ensure regulatory compliance

Many organizations have to comply with industry regulations and procedures as well as government-mandated security controls surrounding topics such as privacy, record preservation, and data residency. In this section, you’ll learn about Microsoft’s Service Trust Portal, where you can review the results of audits conducted against Microsoft data centers as well as whitepapers detailing how Microsoft supports industry and government regulations.

Service Trust Portal

Many organizations need evidentiary data confirming that cloud service providers are adhering to the agreed-upon standards for security and data handling. The Microsoft Service Trust Portal (https://servicetrust.microsoft.com) is where all these critical documents are stored.

The core components of the Service Trust Portal include the following:

  • Certifications, regulations, and standards
  • Reports, whitepapers, and artifacts
  • Industry and regional resources

Let’s look at each of these briefly.

Certifications, Regulations, and Standards

Microsoft has made significant investments in ensuring it is a trusted cloud provider. Part of being a trusted cloud provider is ensuring that the service comports with national, international, and industry standards and regulations.

To validate its own compliance, Microsoft works with external organizations to audit its own internal processes and documentation as well as validate infrastructure design and configuration.

The certifications and standards to which the Microsoft 365 platform aligns are highlighted in Figure 10.4:

Figure 10.4 – Microsoft 365 certification and accreditation

You can view the documentation associated with a component by clicking its certification, regulation, or standards tile. For example, by selecting the ISO/IEC tile, you can view documents related to various ISO certifications and assessments, including ISO 27001, ISO 27017, ISO 27018, ISO 27701, and ISO 22301, as shown in Figure 10.5:

Figure 10.5 – ISO/IEC documentation page

You can filter the documents by date range and by the services or workloads you wish to review documentation for (such as Azure, Dynamics 365, Office 365, the Power Platform, Windows, GitHub, and Microsoft Intune). You can also sort the documents by name, description, and last update.

Many organizations adhere to a variety of compliance standards or protocols. Some organizations choose to do this for their own benefit, while others are required to do so by their customers, constituents, or other statutory obligations.

Whatever the reasons driving compliance, Microsoft 365 provides tools to help organizations achieve and maintain it. One of the benefits of using Microsoft as a Cloud Solution Provider (CSP) is being able to leverage the investments it makes in security and compliance efforts.

When compiling documentation for their own audits, organizations can include attestations and audited control documents as part of their compliance package.

Documents can be selected and saved to your library—essentially, a collection of shortcuts that you can refer to for locating commonly used or important documents.
