It’s a great step toward proving that Microsoft is reliable cloud partner, to announce that Microsoft has passed ISO/IEC 27001:2005 certification. It is very strong information security certification which proves that our data is securely and reliably stored in the cloud.
You can find the official certificate on the certification authority’ website here. As you can read the scope of the certification is as follows:
The Information Security Management System for Microsoft Windows Azure including development, operations and support for the compute, storage (XStore), virtual network and virtual machines services, in accordance with Windows Azure ISMS statement of applicability dated September 28, 2011. The ISMS meets the criteria of ISO/IEC 27001:2005 ISMS requirements Standard.
Meaning that SQL Azure, CDN, ACS, Caching and Service Bus services are not yet covered by this certification. But I believe it is work in progress and very soon we will see update on that part. Yet, the most important part – where our code resides (Compute) and where our data live(storage) is covered.
You can read the original blog post by Steve Plank here.
As there are some additional steps, the full information about this certification will become available in January 2012.