Microsoft Windows Live™ ID Secures ISO/IEC 27001:2005 Certification

Press release - Reston, VA - November 16, 2009

BSI announced today that Microsoft Windows Live™ ID has achieved certification to the international information security standard, ISO/IEC 27001:2005.

Microsoft takes protecting customer information seriously and chose to measure their Windows Live ID (WLID) service against the rigorous requirements of the ISO/IEC 27001:2005 standard.  With independent verification of WLID’s processes and procedures, their customers can be assured that systems are in place to keep their information secure, properly managed, and maintained.

ISO/IEC 27001:2005 is an internationally recognized standard that identifies, manages and minimizes the range of threats to which information is regularly subjected.  Certification to the ISO/IEC 27001:2005 standard reinforces to customers, through an independent third-party, that Microsoft operates an Information Security Management System (ISMS) in accordance with the International Organization for Standardization (ISO).

BSI is the world’s leading certification body for management systems and helps its clients comply with best practice to achieve competitive advantage.  "Microsoft Windows Live ID service is the identity and authentication system provided by Windows Live. Given that more than 380 million users have credentials that work with Windows Live ID, Microsoft is committed to establishing and maintaining the strongest security protocols in the industry,” said Mark Estberg, senior director of Online Services Security & Compliance, Global Foundation Services, Microsoft. “Through our independent, third-party audits with BSI, Microsoft has verified its security system to the highest internationally recognized standard.  This certification provides confirmation that our approach to managing information security risk is comprehensive and effective, which is paramount to the WLID service.”

As part of the ISO/IEC 27001:2005 process, BSI performed on-site assessments, reviewed WLID documented procedures, and audited its overall operations, processes and procedures. To determine continued compliance with ISO/IEC 27001:2005, BSI will periodically conduct routine surveillance audits of WLID’s operations.

"For a system as extensive as our Windows Live ID service, auditing our information security management systems with all its complexities was challenging, "Estberg remarked. “
“ISO/IEC 27001:2005 certification requires an organization to follow a very rigorous set of processes and procedures.  Microsoft’s commitment to protecting the information of its users is vital to the organization’s continued success,” said Todd VanderVen, President of BSI Americas. “By formalizing their documentation and processes to the exacting requirements of ISO/IEC 27001:2005, Microsoft has demonstrated its guarantee to continuously improve the quality of its security.  It sets a high standard for the industry and certification by the WLID group is another validation of its dedication to their customers’ interests.”