Privacy and Certifications
Microsoft has placed a high priority on developing detailed and specific guidelines with regard to privacy and certifications, as explained in the following sections.
Figure 4.6 highlights the three aspects of privacy that Microsoft espouses:
Figure 4.6 Three aspects of privacy.
No advertising—A customer’s data is considered confidential, and Microsoft does not scan the contents of the database or documents for analytic, data-mining, or advertising products.
No mingling—Microsoft uses independent databases to separate one customer’s data from other customers’ data. Each database is provisioned for one customer to maximize data security and ensure integrity.
Data portability—The isolation of the Microsoft Dynamics CRM Online customer simplifies moving data between Online and On-Premises environments. The customer’s data belongs to the customer and can be removed whenever the customer desires.
Microsoft Dynamics CRM Online is certified to multiple world-class industry standards, providing a secure and tested platform. Current certifications include SSAE 16 SOC 1 (SAS 70 Type I), ISO 27001, EU Safe Harbor, EU Model Clauses, and HIPAA–HITECH, as shown in Figure 4.7.
Figure 4.7 Certifications and industry standards.
A few of these certifications are described here:
Independently verified—Microsoft uses independent third parties to verify compliance.
Certified for ISO 27001—ISO 27001 is one of the best security benchmarks available in the world.
EU model clauses/EU safe harbor—At the request of a customer, Microsoft will sign the standard agreements for “EU model clauses,” which address international transfer of data.
HIPAA-business associate agreement—The U.S. Health Insurance Portability and Accountability Act (HIPAA) governs the use, disclosure, and safeguarding of protected health information.