Power Virtual Agents compliance offerings

Power Virtual Agents is a Core Online Service, as defined in the Online Service Terms, and is compliant with or covered by:

- Health Insurance Portability and Accountability Act (HIPAA) coverage
- Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)
- Federal Risk and Authorization Management Program (FedRAMP)
- System and Organization Controls (SOC)
- Various International Organization for Standardization (ISO) certifications
- Payment Card Industry (PCI) Data Security Standard (DSS)
- The Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
- United Kingdom Government Cloud (G-Cloud)
- Outsourced Service Provider’s Audit Report (OSPAR)
- Korea-Information Security Management System (K-ISMS)
- Singapore Multi-Tier Cloud Security (MTCS) Level 3
- Spain Esquema Nacional de Seguridad (ENS) High-Level Security Measures

Health Insurance Portability and Accountability Act (HIPAA) coverage

HIPAA is a United States healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities (doctors' offices, hospitals, etc.) that have access to patients' protected health information (PHI), and to business associates, such as cloud service and IT providers, that process PHI on their behalf.

Power Virtual Agents is covered under the Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA).

You can create chatbots that handle protected health information when your organization is bound by HIPAA.

Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)

HITRUST is an organization governed by representatives from the healthcare industry. It created and maintains the Common Security Framework (CSF), a certifiable framework to help healthcare organizations and their providers demonstrate their security and compliance consistently.

The CSF builds on HIPAA and the HITECH Act, which are US healthcare laws that have established requirements for the use, disclosure, and safeguarding of individually identifiable health information and enforce non-compliance.

Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP was established to provide a standardized approach for assessing, monitoring, and authorizing cloud computing products and services under the Federal Information Security Management Act (FISMA), and to accelerate the adoption of secure cloud solutions by federal agencies.

Microsoft’s government cloud services meet the requirements of FedRAMP.

System and Organization Controls (SOC)

SOC is a method for assuring control regulation within a service. Power Virtual Agents has been audited to be compliant with SOC.

SOC audit reports are available from the Microsoft Service Trust Portal.

ISO compliance

Power Virtual Agents is compliant with the ISO standards listed in the following table.

Audit reports for each are available from the Microsoft Service Trust Portal.

 

| Standard | Name of the Report and Certificate | Link to Standard |
|---|---|---|
| ISO 9001:2015 | Microsoft Azure, Dynamics 365, and Other Online Service-ISO9001 Certificate and Assessment Report | ISO 9001:2015 |
| ISO 20000-1:2011 | Microsoft Azure, Dynamics 365, and Other Online Service ISO20000-1 Certificate and Assessment Report | ISO/IEC 20000-1:2011 |
| ISO 22301:2012 | Microsoft Azure, Dynamics 365, and Other Online Service ISO20000-1 Certificate Assessment Report | ISO/IEC 20000-1:2011 |
| ISO 27001:2013 | Microsoft Azure, Dynamics 365, and other Online Service-ISO27001, 27018, 27017, 27701 | ISO/IEC 27001:2013 |
| ISO 27017:2015 | Microsoft Azure, Dynamics 365, and Other Online Service-ISO27017 Certificate and Microsoft Azure, Dynamics 365 | ISO/IEC 27017:2015 |
| ISO 27018:2019 | Microsoft Azure, Dynamics 365, and Other Online Service-ISO27018 Certificate and Microsoft Azure, Dynamics 365, and Other Online Service-ISO27001, 27018, 27017, 27701 Assessment Report | ISO/IEC 27018:2019 |
| ISO 27701:2019 | Microsoft Azure, Dynamics 365, and Other Online Service-ISO27701 Certificate and Microsoft Azure, Dynamics 365, and Other Online Services-ISO27001, 27018, 27701 Assessment Report | ISO/IEC 27701:2019 |

Payment Card Industry (PCI) Data Security Standard (DSS)

The Payment Card Industry (PCI) Data Security Standards (DSS) form a global information security standard designed to prevent fraud through increased control of credit card data.

Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands:

- Visa
- MasterCard
- American Express
- Discover
- Japan Credit Bureau (JCB)

Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and card-holder data.

The Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. Power Virtual Agents has been audited to be compliant with CSA STAR.

United Kingdom Government Cloud (G-Cloud)

Government Cloud (G-Cloud) is a UK government initiative to ease procurement of cloud services by government departments and promote government-wide adoption of cloud computing.

G-Cloud comprises a series of framework agreements with cloud services suppliers (such as Microsoft), and a listing of their services in an online store, the Digital Marketplace. Inclusion in the Digital Marketplace requires a self-attestation of compliance, followed by a verification performed by the Government Digital Service (GDS) branch at its discretion.

Outsourced Services Provider’s Audit Report (OSPAR)

The OSPAR framework was established by the Association of Banks in Singapore (ABS), which formulated IT security guidelines for outsourced service providers (OSPs) that seek to provide services to Singapore’s financial institutions. Power Virtual Agents has OSPAR attestation.

Korea-Information Security Management System (K-ISMS)

K-ISMS is a country-specific ISMS framework that defines a stringent set of control requirements designed to help ensure that organizations in Korea consistently and securely protect their information assets.

Singapore Multi-Tier Cloud Security (MTCS)

The MTCS Standard for Singapore was prepared under the direction of the Information Technology Standards Committee (ITSC) of the Infocomm Development Authority of Singapore (IDA). The ITSC promotes and facilitates national programs to standardize IT and communications, and Singapore's participation in international standardization activities.

Spain Esquema Nacional de Seguridad (ENS) High-Level Security Measures

In 2007, the Spanish government enacted Law 11/2007, which established a legal framework to give citizens electronic access to government and public services. This law is the basis for Esquema Nacional de Seguridad (National Security Framework), which is governed by Royal Decree (RD) 3/2010.

 


Licensing for Power Virtual Agents

 

This topic includes details about Power Virtual Agents licensing.

Power Virtual Agents is available in the US Government Community Cloud (GCC) plan. The GCC High plan is estimated to be available by the end of 2021.

Power Virtual Agents for Microsoft Teams plan

Power Virtual Agents for Microsoft Teams enables customers to build conversational interfaces within Microsoft Teams. The chatbots can use data stored in Microsoft Dataverse for Teams or many other sources using the supplied standard connectors.

The Power Virtual Agents app in Microsoft Teams is available as part of select Microsoft 365 subscriptions with Microsoft Power Platform and Microsoft Teams capabilities, excluding plans for US government environments (GCC, GCC High, and DoD) and EDU A1 and SUB SKUs.

This table compares key capabilities in the Power Virtual Agents for Microsoft Teams plan, which is available in select Microsoft 365 subscriptions, against the standalone Power Virtual Agents subscription.

| Capability | Select Microsoft 365 subscriptions | Power Virtual Agents subscription |
|---|---|---|
| Deploy bot to channels | Microsoft Teams | Any channel supported by Power Virtual Agents |
| Power Automate connectors | Standard connectors available for flows triggered from Power Virtual Agents | Premium connectors available for flows triggered from Power Virtual Agents |
| Web security | Secure access enabled by default, no ability to generate secrets to enable secure access | Ability to generate secrets and turn on or off secure access as wanted by the bot author |
| Use Microsoft Bot Framework skills | Not available | Ability to extend Power Virtual Agents bots with Microsoft Bot Framework skills |
| Integrated Microsoft Bot Framework dialogs | Not available | Develop custom dialogs with Bot Framework Composer |
| Hand off bot conversation to a live agent | Not available | Trigger hand-off to a live agent |

Upgrading Your License

To access the full range of Power Virtual Agents capabilities, you need to upgrade your plan to a standalone Power Virtual Agents subscription. After you upgrade your license, you can continue using the same bot in the same environment. Capabilities that were previously only available in a standalone license will now be available.

You can upgrade from within the Power Virtual Agents app for Microsoft Teams when prompted, for example when publishing to other channels.

You can also start a 60-day trial of Power Virtual Agents to try out all the capabilities. You'll be prompted to sign up for a trial if you try to create a bot without a license.




Standalone Power Virtual Agents subscription

The standalone Power Virtual Agents subscription allows you to build chatbots on any supported channel and connect to any data using premium connectors. You can obtain a standalone Power Virtual Agents subscription from the Microsoft 365 admin center.

Other subscriptions that include Power Virtual Agents

Entitlements for Power Virtual Agents are included in Digital Messaging and Chat add-ons for Dynamics 365 Customer Service.