03 - Examine privacy, compliance, and data protection standards on Azure

Examine privacy, compliance, and data protection standards on Azure

linking:: AZ-900, Azure-Identity

• How compliant is Azure when it comes to handling personal data?
• How compliant are each of Azure’s individual services?

Microsoft’s online services build upon a common set of regulatory and compliance controls. Think of a control as a known good standard that you can compare your solution against to ensure security. These controls address today’s regulations and adapt as regulations evolve.

Access the Microsoft Privacy Statement, the Online Services Terms, and the Data Protection Addendum

What’s in the Microsoft Privacy Statement?

The Microsoft Privacy Statement explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes. The privacy statement covers all of Microsoft’s services, websites, apps, software, servers, and devices.

What’s in the Online Services Terms?

The Online Services Terms (OST) is a legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data.

What is the Data Protection Addendum?

The Data Protection Addendum (DPA) further defines the data processing and security terms for online services. These terms include:

• Compliance with laws.
• Disclosure of processed data.
• Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
• Data transfer, retention, and deletion.

Explore the Trust Center

The Trust Center showcases Microsoft’s principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.

• In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
• Additional resources for each topic.
• Links to the security, privacy, and compliance blogs and upcoming events.

Access Azure compliance documentation

The Azure compliance documentation provides you with detailed documentation about legal and regulatory standards and compliance on Azure. Here you find compliance offerings across these categories:

• Global
• US government
• Financial services
• Health
• Media and manufacturing
• Regional

What is Azure Government?

Azure Government is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure Government offers physical isolation from non-US government deployments and provides screened US personnel.

What is Azure China 21Vianet?

Azure China 21Vianet is operated by 21Vianet. It’s a physically separated instance of cloud services located in China. Azure China 21Vianet is independently operated and transacted by Shanghai Blue Cloud Technology Co., Ltd. (“21Vianet”), a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd.