Latest Posts

Compliance


Compliance

  • Regulations, legislation, rules, and guidelines, are all things you need to adhere to, follow, and implement.
  • If you don't, you get in trouble, which is why compliance on Azure is so important.
  • For example, let’s say the company operates in Europe. If this company, dealing with European customers doesn't comply with privacy regulations about personal data, they can be fined 4% of annual global turnover, or €20 million, whichever is greater.
  • If companies don't take compliance seriously, they can face massive fines for breaking the compliance for their respective work regions.

Notes:

  • Compliance is not negotiable.
  • GDPR, ISO, and NIST are regulations and standards to ensure compliance with relevant legislation.
  • Azure Compliance Manager gives recommendations
    • To ensure compliance
    • You can assign tasks to team members
    • Get your compliance score
    • Store documents securely
    • Get lots of reports.
  • The Azure Government Cloud is a number of dedicated data centers purely for US government bodies. It ensures compliance with US federal, state, and local government requirements.
  • Azure China region is fully contained within China. Both data centers and all data are within the country's borders and aren't connected to any other Azure regions. It complies with all applicable Chinese regulations as well.

Industry Regulations

Let's talk about industry compliance. It refers to the legislation and rules the industry, in general, must comply with, and we're going to cover three of those.

  • GDPR (General Data Protection Regulation):
    • The main objective of the GDPR is to protect individuals with regard to the processing of their personal data.
    • It is giving control of the data back to individuals instead of the companies owning the data.
    • It also forces companies to put a lot of measures in place to protect the data and provide tools to users for managing that data.
  • ISO Standard:
    • ISO is an international standardization organization, and they have a lot of different categories of compliance.
    • Generally, it is in compliance with quality and customer satisfaction, which is the ISO 9001:2008 certification.
    • There are also other ISO standards for compliance, including food safety management and environmental management.
  • NIST (National Institute of Standards and Technology):
    • Where ISO covers many industries and standards for a range of professions, NIST focuses purely on the tech industry, particularly, on information security frameworks for US federal agencies.
    • The NIST guidelines are developed in such a way that compliance with NIST often ensures compliance with multiple federal US regulations.
    • One of the most popular NIST frameworks is the Cybersecurity Framework.

Azure Compliance Manager

  • Because Azure knows about the various compliance rules and because it knows about your resources, Azure can combine the two and give you recommendations, and it does this through the Azure Compliance Manager.

Azure Compliance Manager Benefits

  • You get recommendations for how to ensure or achieve compliance with GDPR, NIST, ISO, and many others.
  • Assign tasks for compliance to your team and track progress on them.
  • Each team member can be responsible for a certain compliance area, and you can keep track of it with the compliance manager.
  • You get a compliance score to chase that perfect compliance.
  • A really cool feature is the secure storage where you can upload compliance documents. If you have one of the compliance bodies giving you a document to prove you're compliant, then you can upload it to the compliance manager as proof.
  • you can get a lot of reports to show to managers, auditors, regulators, and whoever else needs access to your compliance data.

Two Specific Azure Regions

  1. Azure Government Cloud:
    1. If you are a US government body or you are contracted for one, you can get access to Azure resources in the Azure Government Cloud regions, which are separate dedicated data centers.
    2. As you might imagine, the US government agencies have stringent requirements to comply.
    3. Using one of the dedicated government cloud regions gives you some dedicated space to do this.
    4. Using one of the dedicated government cloud regions gives you exclusivity.
    5. You're guaranteed that only US federal, state, local, and tribal governments and their partners have access to this dedicated instance, with operations controlled by screened US citizens.
    6. Compliance with all required bodies for US government agencies and level 5 Department of Defense approval.
    7. All the cloud benefits of using Azure in general, high availability, scalability, management resources, and much more.
    8. Azure Government Cloud is one of those services that is reassuring government agencies that public cloud services are, indeed, a practical option for them.
  2. China:
    1. China has very specific and strict requirements when it comes to data, the internet, and online entities.
    2. Therefore, if you want to use Azure to provide cloud services in China, you have to use the China region in Azure.
    3. This makes sure that your Azure resource instances are physically located in China with no connection to any other Azure regions.
    4. All your customer data is always kept inside China.
    5. This also means that services like Cosmos DB won't work on a global scale when China is included as a region.
    6. You are completely compliant with all Chinese regulations.
    7. The physical data centers are even hosted by a Chinese company to ensure this.

We value your Feedback:

Page URL:

Name:

Email:


Suggestion:

Compliance
© 2024 Code SharePoint