Veritas Alta Surveillance (VAS, formerly Veritas Advanced Supervision) stores customer data in Microsoft Azure. All of Microsoft's compliance information is available at https://docs.microsoft.com/en-us/compliance/regulatory/offering-home which hosts the latest copies of these reports. Microsoft provides compliance reports (if applicable) for the following regulations:
Financial Industry Regulatory Authority (FINRA) / Securities and Exchange Commission (SEC)
FINRA 4511(c) refers to the format and media requirements of SEC Rule 17a-4(f).
Compliance Overview: https://docs.microsoft.com/en-us/compliance/regulatory/offering-FINRA-4511
FINRA 4511(c) (Microsoft Account required to download): https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=19b08fd4-d276-43e8-9461-715981d0ea20&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_GRC_Assessment_Reports
Gramm-Leach-Bliley Act (GLBA)
GLBA does not specify a set of specific provider controls for public cloud. However, Microsoft provides a tool (an Excel spreadsheet) that tracks the requirements of GLBA and other relevant standards. The tool explains how Azure and Office 365 comply with each requirement applicable to cloud service providers.
Compliance Overview: https://docs.microsoft.com/en-us/compliance/regulatory/offering-GLBA
Compliance Tool (Microsoft Account required to download): https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=6b218946-c235-4234-9beb-d557e39a3f44&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_Compliance_Guides
Sarbanes-Oxley Act (SOX)
There is no SOX certification or validation for cloud service providers, but Microsoft can help customers meet their SOX obligations. Microsoft maintains a SOC 1 Type II attestation appropriate for reporting on such controls across a broad portfolio of services that can be used to build a wide range of applications.
Compliance Overview: https://docs.microsoft.com/en-us/compliance/regulatory/offering-SOX
SOC 1 Type 2 Report (Microsoft Account required to download): https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3?command=Download&downloadType=Document&downloadId=516487b8-eb91-4909-8568-706857353943&tab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb&docTab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb_SOC_%2F_SSAE_16_Reports
Azure Guidance for SOX - Learn how to leverage SOC 1 Type II audit reporting to answer questions regarding SOX compliance: https://aka.ms/Azure-SOX-Guide
Health Insurance Portability and Accountability Act (HIPAA) / Health Information Trust Alliance (HITRUST) / Health Information Technology for Economic and Clinical Health Act (HITECH)
Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the Business Associate Agreement/Business Associate Contract (BAA) have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.
Compliance Overview: https://docs.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us
HITRUST certification is used as a way of demonstrating HIPAA compliance objectives. Azure provides a HITRUST Letter of Certification (Microsoft Account required to download): https://aka.ms/AzureHiTrustLetterofCertification
Microsoft ISO-IEC 27001 certification: https://www.microsoft.com/en-us/trustcenter/compliance/iso-iec-27001
Please note that this article references sites not owned or maintained by Veritas and, as such, Veritas is not responsible for the content portrayed on such sites, including any revisions to or deletions of content or third-party software on which this article relies. User is responsible for conducting all necessary due diligence prior to following the instructions described in this article.