View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
February 16, 2015updated 19 Aug 2016 3:58pm

World’s first global cloud privacy standard adopted by Microsoft

First major cloud provider to adopt world's first international standard for cloud privacy.

By Ellie Burns

Marking a major cloud milestone, Microsoft has announced that it will adopt the world’s first international standard for cloud privacy – the first major cloud provider to do so.

The standard, known as ISO/IEC 27018, was developed by the International Organization for Standardization (ISO) to establish a uniform, international approach to protecting privacy for personal data stored in the cloud.

The British Standards Institute (BSI) has now independently verified that in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard’s code of practice for the protection of Personally Identifiable Information (PII) in the public cloud.

Bureau Veritas has also done the same for Microsoft Intune.

The reason that this is such a major cloud milestone is that compliance to the ISO/IEC 27018 standard assures enterprise customers that privacy will be protected in several distinct ways.

The first way in which the standard protects privacy is that Microsoft will only process personally identifiable information according to the instructions that the customer provides them.

Secondly, customers will know exactly what is happening to their data. Adherence to the standard ensures transparency about Microsoft’s policies regarding the return, transfer, and deletion of personal information the customer stores in their data centres.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Adherence to ISO 27018 also provides a number of important security safeguards. It ensures that there are defined restrictions on how Microsoft handles personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media, and proper processes for data recovery and restoration efforts.

The standard also ensures that everyone who processes personally identifiable information, including Microsoft employees, must be subject to a confidentiality obligation.

Compliance to the standard also guarantees that Microsoft will not use any data for advertising without consent, while also informing customers about government access to data.

Writing on the Microsoft blog, Brad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, commented: "As we’ve said before, customers will only use services that they trust."

"The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU