Part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security (ISO definition).
Influenced by the organization's needs and objectives, security requirements, the processes employed and the size and structure of the organization.
A holistic approach to managing information security confidentiality, integrity, and availability of information and data.
Expected to change over time.
Compliance with these standards, confirmed by an accredited auditor, demonstrates that Microsoft uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its cloud services. The certificate validates that Microsoft has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.