Cloud Security Compliance

Today the corporate environment often requires quality depth and different standards to comply with regulations on the business they develop, for example, PCI-DSS, HIPAA, and SOX. These requirements are focused on the protection of information assets, so it is necessary to add an additional specific analysis to good Azure Cloud security practices. The Compliance service (CSC) includes Assessment (CSA) and Deployment (CSD) services and complements them from the beginning considering compliance with the standard that the client requires.

CSC allows explicit confirmation of compliance with the norm or standard through the execution of tests on the solutions to be certified.

Our Compliance services are powered by Azure solutions as Defender for Cloud, Microsoft Sentinel and Azure Policies to help our customers comply with the industry standards.

The phases of the Compliance services are described below:

Scope and standard

The first phase that must be established is the required regulatory framework (standard to be met) and the scope that it will have in the customer's new Azure Cloud infrastructure. Compliance is generally applied to information assets in relation to the standard that is followed, therefore in this phase the scope of compliance of the solutions to be deployed in the new infrastructure must be agreed upon with the customer.

Compliance

The second phase of this service is the empirical confirmation of compliance with the standard, in the implemented Azure infrastructure with the operational solutions. For this, configuration check activities, accesses, and important procedures for the audit processes will be carried out.