Microsoft becomes first vendor to adopt latest international cloud privacy standard

James has more than a decade of experience as a tech journalist, writer and editor, and served as Editor in Chief of TechForge Media between 2017 and 2021. James was named as one of the top 20 UK technology influencers by Tyto, and has also been cited by Onalytica, Feedspot and Zsah as an influential cloud computing writer.


Microsoft has announced it is the first major cloud provider to adopt the ISO/IEC 27018 standard, claimed as the world’s first international standard for cloud privacy.

The standard, which was published by the International Organisation for Standardisation (ISO) last year, sets out to establish “commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information in accordance with the privacy principles in [previous framework] ISO/IEC 29100 for the public cloud computing environment.”

In practical terms, this means vendors only process personally identifiable information as directed by the customer, are transparent about their policies on the transfer and deletion of information stored in data centres, and work within defined restrictions on how personally identifiable information is handled.

Microsoft added that its Azure, Office 365 and Dynamics CRM Online products were in line with the standard.

This standard covers privacy, so it differs from the Federal Risk and Authorisation Management Program, commonly known as FedRAMP. Microsoft’s cloud infrastructure passed that test back in October 2013. Since then, however, there have been plenty of developments in terms of data privacy, not least a US judge ordering Microsoft to hand over data from a Dublin data centre in April 2014.

It’s worth noting here that ISO/IEC 27018 doesn’t appear to be a failsafe for these issues. Microsoft added that the new standard forces it to inform users about government access to data, unless the disclosure is prohibited by law.

Despite this, Redmond is satisfied its adoption of the new standard will lead to greater confidence in its privacy policy from customers.

“Customers will only use services that they trust,” Microsoft EVP legal and corporate affairs Brad Smith wrote in a blog post. “The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.”

You can find out more about the standard here.
