Power Virtual Agents compliance offering

Power Virtual Agents is a Core Online Service, as defined in the Online Service Terms, and is compliant with or covered by:

- Health Insurance Portability and Accountability Act (HIPAA) coverage
- Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)
- Federal Risk and Authorization Management Program (FedRAMP)
- System and Organization Controls (SOC)
- Various International Organization for Standardization (ISO) certifications
- Payment Card Industry (PCI) Data Security Standard (DSS)
- The Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)
- United Kingdom Government Cloud (G-Cloud)
- Outsourced Service Provider's Audit Report (OSPAR)
- Korea-Information Security Management System (K-ISMS)
- Singapore Multi-Tier Cloud Security (MTCS) Level 3
- Spain Esquema Nacional de Seguridad (ENS) High-Level Security Measures

Health Insurance Portability and Accountability Act (HIPAA) coverage


HIPAA is a United States healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. It applies to covered entities (doctors' offices, hospitals, and so on) that have access to patients' protected health information (PHI), and to business associates, such as cloud service and IT providers, that process PHI on their behalf.

Power Virtual Agents is covered under the Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA).

You can create chatbots that handle protected health information when your organization is bound by HIPAA.

Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)

HITRUST is an organization governed by representatives from the healthcare industry. It created and maintains the Common Security Framework (CSF), a certifiable framework that helps healthcare organizations and their providers demonstrate their security and compliance in a consistent way.

The CSF builds on HIPAA and the HITECH Act, US healthcare laws that establish requirements for the use, disclosure, and safeguarding of individually identifiable health information and that penalize non-compliance.

Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP was established to provide a standardized approach for assessing, monitoring, and authorizing cloud computing products and services under the Federal Information Security Management Act (FISMA), and to accelerate the adoption of secure cloud solutions by federal agencies.

Microsoft’s government cloud services meet the requirements of FedRAMP.

System and Organization Controls (SOC)

SOC is a framework of independent audit reports on the controls that a service organization operates. Power Virtual Agents has been audited and found compliant with SOC.

SOC audit reports are available from the Microsoft Service Trust Portal.

ISO compliance

Power Virtual Agents is compliant with the ISO standards listed in the following table.

Audit reports for each are available from the Microsoft Service Trust Portal.

| Standard | Name of the Report and Certificate | Link to Standard |
| --- | --- | --- |
| ISO 9001:2015 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 9001 Certificate and Assessment Report | ISO 9001:2015 |
| ISO 20000-1:2011 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 20000-1 Certificate and Assessment Report | ISO/IEC 20000-1:2011 |
| ISO 22301:2012 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 20000-1 Certificate and Assessment Report | ISO/IEC 20000-1:2011 |
| ISO 27001:2013 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 27001, 27018, 27017, 27701 | ISO/IEC 27001:2013 |
| ISO 27017:2015 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 27017 Certificate and Microsoft Azure, Dynamics 365 | ISO/IEC 27017:2015 |
| ISO 27018:2019 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 27018 Certificate and Microsoft Azure, Dynamics 365, and Other Online Services - ISO 27001, 27018, 27017, 27701 Assessment Report | ISO/IEC 27018:2019 |
| ISO 27701:2019 | Microsoft Azure, Dynamics 365, and Other Online Services - ISO 27701 Certificate and Microsoft Azure, Dynamics 365, and Other Online Services - ISO 27001, 27018, 27701 Assessment Report | ISO/IEC 27701:2019 |

Payment Card Industry (PCI) Data Security Standard (DSS)

The Payment Card Industry (PCI) Data Security Standards (DSS) form a global information security standard designed to prevent fraud through increased control of credit card data.

Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands:

- Visa
- MasterCard
- American Express
- Discover
- Japan Credit Bureau (JCB)

Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and card-holder data.

The Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)

The Security Trust Assurance and Risk (STAR) Program encompasses the key principles of transparency, rigorous auditing, and harmonization of standards. Companies that use STAR demonstrate best practices and validate the security posture of their cloud offerings.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. Power Virtual Agents has been audited to be compliant with CSA STAR.

United Kingdom Government Cloud (G-Cloud)

Government Cloud (G-Cloud) is a UK government initiative to ease procurement of cloud services by government departments and promote government-wide adoption of cloud computing.

G-Cloud comprises a series of framework agreements with cloud services suppliers (such as Microsoft), and a listing of their services in an online store, the Digital Marketplace. Inclusion in the Digital Marketplace requires a self-attestation of compliance, followed by a verification performed by the Government Digital Service (GDS) branch at its discretion.

Outsourced Services Provider’s Audit Report (OSPAR)

The OSPAR framework was established by the Association of Banks in Singapore (ABS), which formulated IT security guidelines for outsourced service providers (OSPs) that seek to provide services to Singapore's financial institutions. Power Virtual Agents has OSPAR attestation.

Korea-Information Security Management System (K-ISMS)

K-ISMS is a country-specific ISMS framework that defines a stringent set of control requirements designed to help ensure that organizations in Korea consistently and securely protect their information assets.

Singapore Multi-Tier Cloud Security (MTCS)

The MTCS Standard for Singapore was prepared under the direction of the Information Technology Standards Committee (ITSC) of the Infocomm Development Authority of Singapore (IDA). The ITSC promotes and facilitates national programs to standardize IT and communications, as well as Singapore's participation in international standardization activities.

Spain Esquema Nacional de Seguridad (ENS) High-Level Security Measures

In 2007, the Spanish government enacted Law 11/2007, which established a legal framework to give citizens electronic access to government and public services. This law is the basis for Esquema Nacional de Seguridad (National Security Framework), which is governed by Royal Decree (RD) 3/2010.
