Last year, Translator announced that it was GDPR compliant as a data processor. Now, Microsoft Translator is ISO, HIPAA, and SOC compliant, in addition to receiving CSA and FedRAMP public cloud attestation.
ISO: Microsoft Translator is ISO certified with five certifications applicable to the service. The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. Translator’s ISO certifications demonstrate its commitment to providing a consistent and secure service. Microsoft Translator’s ISO certifications are:
- ISO 27001 Information Security Management Standards
- ISO 9001:2015 Quality Management Systems Standards
- ISO 27018:2014 Code of Practice for Protecting Personal Data in the Cloud
- ISO 20000-1:2011 Information Technology Service Management
- ISO 27017:2015 Code of Practice for Information Security Controls
HIPAA: The Microsoft Translator service complies with the US Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which govern how cloud services can handle personal health information. This ensures that health services can provide translations to clients knowing that personal data is kept private. Microsoft Translator is included in Microsoft’s HIPAA Business Associate Agreement (BAA). Health care organizations can enter into the BAA with Microsoft to detail each party’s role in regard to security and privacy provisions under HIPAA and HITECH.
SOC: The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud, primarily in regard to financial statements. Microsoft Translator is now SOC type 1, 2, and 3 compliant.
CSA STAR: The Cloud Security Alliance (CSA) defines best practices to help ensure a more secure cloud computing environment, and to help potential cloud customers make informed decisions when transitioning their IT operations to the cloud. The CSA published a suite of tools to assess cloud IT operations: the CSA Governance, Risk Management, and Compliance (GRC) Stack. It was designed to help cloud customers assess how cloud service providers follow industry best practices and standards, and comply with regulations. Microsoft Translator has received CSA STAR Attestation.
FedRAMP: The US Federal Risk and Authorization Management Program (FedRAMP) attests that Microsoft Translator adheres to the security requirements needed for use by US government agencies in the public Azure cloud. The US Office of Management and Budget requires all executive federal agencies to use FedRAMP to validate the security of cloud services. FedRAMP attestation for Microsoft Translator in the dedicated Azure Government cloud is forthcoming.
The Microsoft Translator service is subject to annual audits on all of its certifications to ensure the service continues to be compliant. View more information about Microsoft’s commitment to compliance in the Microsoft Trust Center.