Compliance

Question

Hi, Is Azure App service compliant with ISO 27001 and is SQL Server on Azure Virtual Machines compliant with GDPR?

Answer 1

Hello, @Tamasgen Teshome ! @Kamal Lamarti has provided a great answer to this question in the comments but I want to expand on that and add some resources for anyone who may be interested. How can I check compliance with ISO 27001 and GDPR on Azure? You can find a full list of compliance resources for Azure, Dynamics 365, and Microsoft 365 here: https://learn.microsoft.com/en-us/compliance/regulatory/offering-home?view=o365-worldwide Here is information specific to ISO 27001 and GDPR: ISO 27001

Microsoft's achievement of ISO/IEC 27001 certification points up its commitment to making good on customer promises from a business, security compliance standpoint. Currently, both Azure Public and Azure Germany are audited once a year for ISO/IEC 27001 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively.

GDPR This is more complicated as there are requirements for you, as the Data Controller (Controller) as well as Microsoft as the Processor. While Microsoft meets responsibilities as the Processor as described in the documentation below, there is still quite a bit you will need to do as the Controller. To help guide you, there are some blogs that offer Azure specific advice and tool recommendations to make GDPR compliance easier.

• GDPR overview
• Recommended action plan for GDPR
• Azure blog: New capabilities to enable robust GDPR compliance
• Azure blog: Protecting privacy in Microsoft Azure: GDPR, Azure Policy Updates
• Microsoft 365 blog: Safeguard individual privacy rights under GDPR with the Microsoft intelligent cloud
• Azure, Dynamics 365, and Microsoft 365 compliance offerings

I hope this helps!