Microsoft is a business in flux. Amid a organizational restructuring and seismic shift in product image, Microsoft is now finding itself attempting to shed it's 90's and early 2000's Draconian proprietary image. The company is cautiously releasing .NET code to the open source world as well as embracing more leveraged standards and regulations. As Microsoft continues to chart is future course with Windows, Office and cloud infrastructures, these standards and regulations become increasing priorities in their efforts to maintain a high level of privacy and data security.
The Office team writes on their blog, "We are pleased to announce that in our most recent ISO 27001 audit, an independent auditor validated that we incorporated controls that comply with the ISO 27018 standard for protection of personally identifiable information (PII) in public clouds. There are three big commitments enabled by these controls." Office 365 entails the following:
- Office 365 is “advertising-free,” so customers don’t have to worry that the data they put into Office 365 is used for advertising or marketing purposes;
- There are defined policies for the return, transfer and secure disposal of PII; and
- Office 365 proactively discloses the identities of sub-processors.
The Office team isn't about to rest on this most recent accomplishment. They have also completed an assessment compliance with HITRUST. HITRUST is viewed as an important standard by U.S. healthcare organizations; it has established the Common Security Framework (CSF). The CFS can be used by any and all organizations that create, access, store or exchange personal health and financial information. This is all achieved by indexing of an organizations maturity level when accessing this information. The maturity level index is assessed by an independent auditor on a scale of 5 levels. Microsoft's security program attained a Level 5 rating, which is the highest possible rating.
While Microsoft may not currently be winning the affections of the casual consumer with shinny new phones or self driving car announcements, they are hard at work being the back bone to many established businesses as we all move towards a safer digital future.