Microsoft Global Foundation Services earns ISO/IEC 27001:2005 certification

Microsoft takes the protection of their information assets seriously and has chosen to measure their ongoing information security program against the ISO/IEC 27001:2005 standard’s rigorous requirements to ensure that their information security is properly managed and maintained. The international standard evolved from the British Standard, BS 7799, which was developed by the British Standards Institution (BSI). ISO/IEC 27001:2005, released in October 2005 as the successor to BS 7799-2, is an internationally recognized standard that identifies, manages and minimizes the range of threats to which information is regularly subjected.  Certification to the ISO/IEC 27001:2005 standard reinforces to customers, through an independent third-party, that Microsoft operates an Information Security Management System (ISMS) in accordance with the International Organization for Standardization (ISO).

As a leader and innovator in the certification of management systems, BSI Management Systems helps its clients to comply with best practice and achieve competitive advantage.  "Microsoft Global Foundation Services has been able to extend the Microsoft Trustworthy Computing concepts from packaged software to protecting online services at global scale," stated Charlie McNerney, Chief Information Security Officer of Microsoft Global Foundation Services. "This certification provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers."

As part of the ISO/IEC 27001:2005 process, BSI performed on-site assessments, examined GFS’s documented procedures, and audited its overall operations. To determine continued compliance with ISO/IEC 27001:2005, BSI will periodically conduct routine surveillance audits of GFS’s business operations.

"For a company of our size and complexity, auditing our information security program was quite a challenge," stated Mark Plesnicher, a Sr. Security Compliance Manager at Microsoft. “The BSI team worked diligently to plan and execute an assessment process that spanned multiple sites and involved many different teams.  We are very proud to have BSI as our independent assessor."

“As the first major online service provider to earn ISO/IEC 27001:2005 certification, Microsoft is further demonstrating a commitment to making its company more secure and securing the information of its customers,” said Todd VanderVen, President of BSI Management Systems. “By formalizing their documentation and processes and using ISO/IEC 27001:2005, Microsoft will be able to improve quality as well as security and continue to raise the bar for the industry, as they have done so well over the years. The GFS team is committed and uses well organized processes – ISO/IEC 27001:2005 certification can only serve to improve an already industry-leading business that is itself considered a “standard” that many strive to achieve.”

- ENDS -

NOTES TO EDITORS

For media information
Shereen Abuzobaa
V.P. of Marketing
Phone: +1 703-464-1931
Email: shereen.abuzobaa@bsigroup.com
www.bsiamerica.com 

John A DiMaria
Product Manager; ISMS, BCMS, ITSM
Phone: 314-831-7835
Email: john.dimaria@bsigroup.com

About BSI Management Systems
BSI Management Systems is one of the world’s largest certification bodies, with over 64,000 certified locations and clients in more than 120 countries. Operating through a global network, BSI Management Systems provides assessment, certification and training services in all critical areas of management disciplines including:

• Business Continuity
• Environment
• Food Safety
• Health & Safety
• Information Security
• Integrated Management
• Quality
• Social Accountability
• Sustainable Development
• IT Service Management.

For further information on BSI Management Systems, please visit: www.bsiamerica.com

About BSI Group
BSI Management Systems is part of BSI Group, a global independent business services organization that inspires confidence and delivers assurance to customers with standards-based solutions. Originating as the world’s first national standards body, the Group has over 2,300 staff in more than 50 global offices. The Group’s key offerings are:

• The development and sale of private, national and international standards and supporting information
• Second and third-party management systems assessment and certification
• Product testing and certification of services and products
• Performance management software solutions
• Training services in support of standards implementation and business best practice.

For further information please visit www.bsigroup.com