We take the protection of customer data very seriously and work hard to ensure your data is safe and that we comply with expected policies in all the regions in which we operate. Earlier this month we took another important step towards meeting the compliance needs of our customers by completing the Service Organization Controls certifications (SOC1 and SOC2) for Visual Studio Team Services. These audits evaluated the effectiveness of our internal controls impacting data security, service availability, confidentiality, and processing integrity. This report covers all of our generally available services at the time the audit began on September 15, 2015. A total of 450 controls were tested between then and December 31, 2015 with only a single minor exception reported regarding the patching status of an on-premises server.
These reports are available from us for customers who have signed nondisclosure agreements with Microsoft. If you’re interested in receiving a copy, contact your Microsoft account representative or send us email at VSTSSOCReports@microsoft.com with your name, title, and company.
This is the culmination of months’ worth of work for our team to clearly demonstrate a wide range of processes for building and operating Visual Studio Team Services designed to ensure that we are protecting customer data every step of the way. This, in addition to our ISO 27001 certification, puts us in a position to meet the security and data protection requirements for many enterprises. It’s also a step towards meeting additional compliance requirements such as HIPPA, FedRAMP, IRAP and others.
Stay tuned for more progress regarding Visual Studio Team Services compliance and certification.
Brian