The CSC service allows you to explicitly confirm compliance with regulations and standards by running tests on the Cloud solutions that you choose to certify.
Today, corporate environments often have to meet different standards, in depth, to comply with the regulations that apply to their line of business, for example PCI-DSS, HIPAA, and SOX. These requirements focus on the protection of information assets, so a specific additional analysis must be added on top of good Azure Cloud security practices. The Compliance service (CSC) includes the Assessment (CSA) and Deployment (CSD) services and complements them by taking compliance with the standard the client requires into account from the beginning.
CSC allows explicit confirmation of compliance with the norm or standard through the execution of tests on the solutions to be certified.
The phases of the Compliance services are described below:
The first phase establishes the required regulatory framework (the standard to be met) and the scope it will have in the customer's new Azure Cloud infrastructure. Compliance is generally applied to information assets in relation to the standard being followed, so in this phase the compliance scope of the solutions to be deployed in the new infrastructure must be agreed upon with the customer.
The second phase of this service is the empirical confirmation of compliance with the standard in the implemented Azure infrastructure, with the solutions in operation. For this, checks of configurations, accesses, and the procedures that are important for the audit processes will be carried out.