Compliance, Auditors, and Documentation Oh My!

Developer Support

April 7th, 20190 0

App Dev Manager Tina Saulsberry shares tips and resources on Azure Security and Compliance offerings.

Does your Azure solution need to meet one of the popular compliance program requirements like HiTrust or FedRAMP? Do you want to understand what documentation to provide auditors for compliance consideration? This blog post may help.

Azure Trust Center should be your first destination for our compliance offerings. Did you know independent audit reports along with Azure compliance offerings can be found there? This documentation is a free, but protected resource for those that utilize Microsoft cloud services (Azure, Office 365, Dynamics 365, etc.). Compliance documentation for HITrust, HIPPA/HITECH, FedRAMP, CSA CCM and many others are stored here.

It is important to note, not all Azure services are compliant with all compliance programs. Check out the offering documentation when designing your solution, and leverage Azure components that meet your desired compliance standard. Check the Trust Center periodically as the status of noncompliant services can change over time.

Another great resource is the Azure Security Center, it offers compliance assessments (Public Preview). It can evaluate the resources in your subscription and identify areas where your solution may have issues with regulatory compliance programs. At the time of this post, Azure Security Center provides assessments for Azure CIS 1.0.0, PCI DSS 3.2, ISO 27001 and SOC TSP, more will be added overtime.

Here are some steps to incorporate into your journey to demonstrate compliance:

  1. Leverage Azure by building your system using the Azure components that meet your desired compliance program.
  2. Review the architecture design of the system and determine if the appropriate threat mitigation is in place. This can be done by creating a threat model diagram for your solution showing how your solution’s technical defenses map onto the technical compliance requirements.
  3. Many times, the Azure audit documentation from the Trust Center along with the threat model for your solution is enough for auditors to do their work.

Premier Service for Developers can help you on your journey to regulatory compliance. Reach out to your Microsoft Application Development Manager (ADM) for more details.

Developer Support App Dev Customer Success Account Manager, Microsoft Developer Support

Read next

Azure Automation DSC via ARM Template
One of the challenges was figuring out a way to get the commercial software installed and configured on the virtual machines in a completely automated fashion, which is where Azure Automation DSC fit into the solution. DSC or Desired State Configuration is not a new concept, but I recently learned that Azure Automation can be used as a DSC pull server that hosts your DSC configurations and resources in a convenient location.
Developer Support
April 8, 2019
0 comment
Dynamics 365 Implementation Pt. 1 – Methodology
Over the course of the next 3 blog posts in my Dynamics 365 implementation series, I will go over the process and experiences my client had with implementing an ERP solution for their 50 year old, multi-billion dollar company. This first post will explain the implementation process used for this successful rollout of Dynamics 365.
Developer Support
April 9, 2019
0 comment

0 comments

Discussion is closed.

Feedback usabilla icon