Azure has just achieved another first. It is the first major US cloud provider to certify as a data processor for the international standard ISO/IEC 27701 Privacy Information Management System (PIMS).
Microsoft has always made privacy high in priority for Azure, but this new certification adds another layer of compliance to privacy laws and regulations which will help anyone operating in extremely secure industries.
Companies using Azure who need to certify their own organization for global privacy requirements will find it much easier now they can build from Azure’s existing certification.
Head to the Microsoft Trust Centre to read more about privacy in the Azure Cloud.
What is the ISO Extension for Privacy Information Management System (PIMS)?
Simply, PIMS is an extension of the well-known ISO/IEC 27001 standard for information security management systems (ISMS). It is designed to augment the ISMS with privacy-specific controls to enable more effective privacy management.
The PIMS framework can manage personal data through both data controllers and data processors. A key feature for those of us in Europe who need to comply with the General Data Protection Regulation (GDPR).
The PIMS audit can be tailor-made to whichever international regions are applicable to a company, such as GDPR or the California Consumer Privacy Act (CCPA). This makes it a truly universal framework and an efficient method for complying to international regulatory requirements.