Microsoft GFS Earns ISO/IEC 27001:2005 Certification
August 22, 2008 // Published as a news service by IHS
| |
| Electronics & Telecom Docs |
IHS sells a full selection of standards documents & collections from the industry's top organizations.
To learn more, and for a free quote, please complete the form below. |
|
| |
BSI Management Systems America announced that Microsoft Global Foundation Services (GFS) achieved certification to the international information security standard, International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001:2005.
The international standard evolved from the British Standard, BSI BS 7799, which was developed by the British Standards Institution (BSI).
ISO/IEC 27001:2005, released in October 2005 as the successor to BSI BS 7799-2, is an internationally recognized standard that identifies, manages and minimizes the range of threats to which information is regularly subjected.
Certification to the ISO/IEC 27001:2005 standard reinforces to customers, through an independent third party, that Microsoft operates an information security management system (ISMS) in accordance with the ISO.
"Microsoft Global Foundation Services has been able to extend the Microsoft Trustworthy Computing concepts from packaged software to protecting online services at global scale," said Charlie McNerney, chief information security officer of Microsoft Global Foundation Services.
"This certification provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers."
As part of the ISO/IEC 27001:2005 process, BSI performed on-site assessments, examined GFS's documented procedures and audited its overall operations. To determine continued compliance with ISO/IEC 27001:2005, BSI will periodically conduct routine surveillance audits of GFS's business operations.
"As the first major online service provider to earn ISO/IEC 27001:2005 certification, Microsoft is further demonstrating a commitment to making its company more secure and securing the information of its customers," said Todd VanderVen, president of BSI Management Systems.
"By formalizing their documentation and processes and using ISO/IEC 27001:2005, Microsoft will be able to improve quality as well as security and continue to raise the bar for the industry, as they have done so well over the years," VanderVen said.
"The GFS team is committed and uses well-organized processes; ISO/IEC 27001:2005 certification can only serve to improve an already industry-leading business that is itself considered a standard that many strive to achieve."
Source: BSI Group.