Microsoft Online Services Security and Compliance Operational Certification Initiative
Global Foundation Services (GFS) provides the infrastructure for Microsoft's online services. GFS has streamlined the manner in which compliance with relevant security and privacy standards is managed and maintained. These standards are based on government regulations, industry mandates, internal policies and industry best practices. In addition to ensuring that compliance expectations are continually achieved, this methodology has helped produce SAS 70 Type I and II attestations, ISO 27001 certifications, as well as streamlining the work associated with meeting audit obligations. This paper will discuss the current compliance landscape and the methodology used by the GFS Online Services Security and Compliance (OSSC) organization to rationalize and optimize management of security compliance.