Information Security Management System (ISO 27001:2013)

What is ISMS?

Part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security (ISO definition).

Influenced by the organization's needs and objectives, security requirements, the processes employed and the size and structure of the organization.

A holistic approach to managing information security: the confidentiality, integrity, and availability of information and data.

Expected to change over time.

Why is compliance with ISO/IEC 27001 important?

Compliance with these standards, confirmed by an accredited auditor, demonstrates that Microsoft uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its cloud services. The certificate validates that Microsoft has implemented the guidelines and general principles for initiating, implementing, maintaining, and improving the management of information security.

Which services are in scope for ISO/IEC 27001?

Certified services include:
  • Microsoft Azure: Virtual Machines, Cloud Services, Batch, Web Apps, Mobile Services, Notification Hub, Storage (Blobs, Tables, Queues), SQL Database, Virtual Network, Traffic Manager, Workflow Manager, Express Route, Service Bus, BizTalk Services, Active Directory, Multi-Factor Authentication, Rights Management Service, Media Services, and Scheduler.
  • Microsoft Dynamics CRM Online and Microsoft Dynamics CRM Online Government.
  • Microsoft Intune.
  • Microsoft Office 365 and Microsoft Office 365 U.S. Government: Exchange Online, Exchange Online Archiving, Exchange Online Protection, Advanced Threat Protection, SharePoint Online, OneDrive for Business, Project Online, Skype for Business Online, Office Online, and Yammer.