Microsoft Azure has been certified as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS).
The certification means that Azure has met the necessary requirements for management and operational controls to help customers comply with relevant privacy laws and regulations.
Microsoft Australia told CRN that the certification also applies locally.
In a blog post, Azure Trust and Compliance senior compliance manager David Burt claimed Microsoft is the first major US cloud provider to achieve the certification.
“Being the first major US cloud provider to achieve a PIMS certification is the latest in a series of privacy firsts for Azure, including being the first to achieve compliance with EU Model clauses,” Burt said. He added the vendor was also the first to extend core data privacy rights included in the General Data Protection Regulation (GDPR) globally.
PIMS is an extension of the ISO/IEC 27001 standard for information security management, providing a compliance extension for companies relying on the standard, as well as creating an integration point for aligning security and privacy controls.
Customers also gain access to a template for implementing compliance with new privacy regulations, reducing the need for multiple certifications and audits against new requirements.
“Modern business is driven by digital transformation, including the ability to deeply understand data and unlock the power of big data analytics and AI,” the blog post read. “But before customers – and regulators – will allow you to leverage this data, you must first win their trust.”