Explore the Trust Center

Tailwind Traders needs to stay up to date on the latest security standards for protecting its data. Today, the security team needs to verify whether Azure meets ISO 27001, a commonly used information security standard. Where can the company access this information?

The Trust Center showcases Microsoft's principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.

A screenshot that shows the Trust Center home page.

The Trust Center provides:

  • In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
  • Additional resources for each topic.
  • Links to the security, privacy, and compliance blogs and upcoming events.

The Trust Center is a great resource for other people in your organization who might play a role in security, privacy, and compliance. These people include business managers, risk assessment and privacy officers, and legal compliance teams.

Explore the Trust Center

As an optional exercise, let's take a brief look at the Trust Center's entry for ISO 27001.

Access to the Trust Center doesn't require an Azure subscription or a Microsoft account.

  1. Go to the Trust Center.

  2. Locate the Additional resources section on the page. Under Compliance offerings, select Learn more.

    A screenshot of the compliance offerings section on the Trust Center.

    You're taken to Microsoft compliance offerings.

    The offerings are grouped into four categories: Global, US Government, Industry, and Regional.

  3. Under Global, select ISO 27001.

    A screenshot of the Microsoft compliance offerings page. The global category is shown, and ISO 27001 is highlighted.

    The ISO 27001 Information Security Management Standards page is typical of the type of compliance information we provide.

  4. Briefly review the documentation for ISO/IEC 27001.

    You see:

    • An overview of the standard.
    • Which cloud services are in scope.
    • An overview of the audit cycle and links to audit reports.
    • Answers to frequently asked questions.
    • Additional resources and white papers.

    The areas of documentation for other compliance offerings will vary, but this format is the typical one that you'll find.