Azure Response to NZ GCIO 104 questions.pdf - RESPONSE TO...

This preview shows page 1 - 4 out of 49 pages.

MICROSOFT NEW ZEALAND LIMITED 22 Viaduct Harbour Avenue, Auckland RESPONSE TO GCIO CLOUD COMPUTING INFORMATION SECURITY & PRIVACY CONSIDERATIONS Microsoft Azure V6 14 July 2016
1 Table of Contents Executive Summary 2 Disclaimer 2 How to read this document 2 Security and Privacy Considerations 3 3.1 Value, Criticality and Sensitivity of Information 3 3.2 Data Sovereignty 4 3.3 Privacy 8 3.4 Governance 11 3.5 Confidentiality 19 3.6 Data Integrity 36 3.7 Availability 39 3.8 Incident Response and Management 45
2 Executive Summary In 2014 the NZ Government Chief Information Officer published a due diligence framework for agencies to use in evaluating cloud computing services. This document provides Microsoft’s responses to the questions in that framework in relation to Microsoft Azure . The document is the first in a series of such documents that Microsoft New Zealand will produce covering many of Microsoft’s cloud services. Disclaimer The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. For the latest version of this document contact Russell Craig, the Microsoft New Zealand National Technology Officer, at [email protected] This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. How to read this document The document breaks the 105 due diligence questions (the “considerations”) into their sub -sections as per the source document, and record s Microsoft’s understanding of who is responsible for responding to each question. It repeats the text in the source document and then provides the most appropriate and detailed answer possible to each question where Microsoft has sole or joint responsibility to respond. No responses to questions 1-13 are provided, as these are the sole responsibility of agencies to answer. In some cases where it may be helpful to users of this document, Microsoft has provided a response to questions where it has no responsibility to do so. Readers should note that, while the document should be helpful to both public and private sector organisations that are considering using Microsoft Azure, it has been drafted with the needs of public sector organisations being of foremost importance.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture