Windows Azure Compliance Updates: PCI DSS and ISO
PCI DSS Compliance
We are pleased to announce that Windows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA). The QSA has issued an Attestation of Compliance, having audited the Windows Azure against the PCI DSS 2.0 security standards for Level 1. To assist customers in achieving PCI DSS certification, Microsoft is making the Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide available for immediate download.
Visit the Trust Center for a list of other compliance and certifications.
What is the PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard designed to prevent credit card fraud through increased controls around credit card data. PCI certification is required for all organizations (merchants and payment service providers) that process credit card transactions.
Is Windows Azure PCI “certified”?
As a cloud provider, Windows Azure does not directly manage cardholder environments, and therefore, is not eligible for PCI certification. However, Windows Azure has been validated by a Qualified Security Assessor (QSA) as providing a secure environment that merchants can use to achieve their own PCI certification.
What Windows Azure services are in scope?
The Information Security Management System (ISMS) for Windows Azure, including infrastructure, development, operations and support for Compute, Data Services, App Services and Network Services are in scope for the PCI DSS Attestation of Compliance. This includes everything listed under Services on http://www.windowsazure.com/. The Windows Azure datacenters in the following regions are in scope: Asia Pacific East (Hong Kong), Asia Pacific Southeast (Singapore), Europe North (Ireland), Europe West (Netherlands), US North Central (Illinois), US South Central (Texas), US East (Virginia), and US West (California).
This posting is provided “AS IS” with no warranties, and confers no rights.
About the author
At Interlink, Sarah serves as the Operations Manager as well as a Senior Director of Client Engagement working with a broad spectrum of clients across Ohio, Kentucky and Tennessee, focusing in Cincinnati and Kentucky. She has a decade of experience in Office 365 Migrations, managed services, vendor relationships and product hardware quoting and purchasing. She is responsible for overseeing Microsoft partner relationships and strives to build meaningful, positive relationships with our clients.
Welcome to the Interlink Cloud Blog
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.