Вы находитесь на странице: 1из 2

ISO 22301:2012 Business Continuity

Management Standards

Azure | Azure Government | Intune | Power BI

The International Organization for Standardization (ISO) is an independent


Helpful information nongovernmental organization and the world’s largest developer of voluntary
international standards. The ISO formed the TC 223 Societal Security
Audit cycle technical committee to develop standards for protecting society, including
BSI audits Microsoft cloud services organizations, in the event of catastrophe such as a natural disaster, major
once a year for compliance. terrorist attack, or shutdown of power grids.

ISO 22301:2012 standard (for Published in 2012 by the technical committee, ISO 22301:2012 is the first
purchase)
international standard for management systems that help ensure business
aka.ms/ISO-22301-standard
continuity. ISO 22301 is the premium standard for business continuity, and
Azure and Azure Government certification demonstrates conformance to rigorous practices to prevent,
Certificate of Registration (also mitigate, respond to, and recover from disruptive incidents.
covers Intune and Power BI.)
aka.ms/ISO22301cert Microsoft is the first hyperscale cloud service provider to receive the ISO
Azure resiliency technical guidance 22301 certification for business continuity management. The British Standards
Explains Azure’s shared responsibility Institute (BSI), an independent certification body, awarded this certification
model for business continuity. to Microsoft Azure, Microsoft Azure Government, Microsoft Intune, and
aka.ms/azure-resiliency-guide Microsoft Power BI after a stringent audit covering all aspects of their business
continuity processes. The audit covered the in-scope services listed below as
Microsoft Common Controls Hub well as Azure management features, the Azure Portal, and the systems used to
Compliance Framework
monitor, operate, and update the in-scope services.
aka.ms/MCCH

Microsoft Online Services Terms


aka.ms/Online-Services-Terms
Frequently asked questions
Microsoft Trust Center
www.microsoft.com/trustcenter Why is Microsoft compliance with ISO 22301 important?
ISO 22301 is a certification used by enterprises and governmental
organization to show their commitment to serving their customers by
achieving the highest available international standard for business continuity
management. ISO 22301 is a comprehensive standard which demonstrates
the highest level of commitment to business continuity and disaster
preparedness.

Where can I get the ISO 22301 audit reports and scope statements for
Microsoft services?
The Service Trust Portal (aka.ms/stphelp) provides independently audited
compliance reports, so that your auditors can compare Microsoft’s cloud
services results with your own legal and regulatory requirements.
Which Microsoft services are in scope for ISO 22301?
Covered services include:
▪▪ Azure:
▪▪ Compute: Batch, Cloud Services, RemoteApp, Service Fabric, Virtual Machine.
▪▪ Networking: Application Gateway, Express Route, Load Balancer, Traffic Manager,
Virtual Network, VPN Gateway.
▪▪ Storage: Backup, Site Recovery, Storage (blobs, queues, files, disks, tables, cool, and
premium), StorSimple.
▪▪ Web and mobile: App Services (API Apps, Mobile Apps, Web Apps), Media Services.
▪▪ Databases: Data Factory, DocumentDB, Redis Cache, SQL Database.
▪▪ Intelligence and analytics: Data Catalog, Data Factory, HDInsight, Machine Learning,
Stream Analytics.
▪▪ Internet of Things: Event Hubs, IoT Hub, Machine Learning, Notification Hubs, Stream
Analytics.
▪▪ Enterprise integration: API Management, BizTalk Services, Data Factory, Service Bus,
StorSimple.
▪▪ Security and identity: Access Control Service, Active Directory Device Registration,
Active Directory Gateway and Evolved Secure Token Service, Azure Active Directory
(including Microsoft Online Directory and Organizational Identity services), Azure Active
Directory Connect Health, Identity and Access Management (including Sync Fabric, Cloud
Password Single Sign-On, Self-Service Group Management, and Self-Service Password
Reset), Key Vault, Multi-Factor Authentication, Rights Management Service.
▪▪ Management and security: Automation, Azure Portal (including Azure IaaS
Experience), Azure Resource Manager, Backup, Log Analytics (formerly Operational
Insights), Microsoft Cloud App Security, Scheduler, Site Recovery, Traffic Manager.

▪▪ Azure Government:
▪▪ Compute: Cloud Services, Virtual Machines.
▪▪ Networking: Application Gateway, Express Route, Load Balancer, Traffic Manager,
Virtual Network, VPN Gateway.
▪▪ Storage: Storage (blobs, queues, files, disks, tables, cool, and premium).
▪▪ Web and mobile: App Service.
▪▪ Databases: SQL Database.
▪▪ Security and identity: Azure Active Directory, Key Vault.
▪▪ Intune: The cloud service portion of Microsoft Intune such as the Microsoft Intune Add-
on Product or a management service provided by Microsoft Intune such as Mobile Device
Management for Office 365.

▪▪ Power BI cloud service, either as a standalone service or as included in an Office 365


branded plan or suite.

Can I leverage ISO 22301 compliance of Microsoft services in my organization’s certification?


Yes. If your business requires ISO 22301 certification for implementations deployed on
Microsoft services, you can use the Azure certification in your compliance assessment.
You are responsible, however, for engaging an assessor to evaluate the controls,
processes, and implementation for ISO 22301 compliance within your own organization
and for your own applications.

January 2017

Вам также может понравиться