Microsoft Windows Live ID Secures ISO/IEC 27001:2005 Certification
Reston, VA – November 16, 2009-BSI announced today that Microsoft Windows Live™ ID has achieved certification to the international information security standard, ISO/IEC 27001:2005.
Microsoft takes protecting customer information seriously and chose to measure their Windows Live ID (WLID) service against the rigorous requirements of the ISO/IEC 27001:2005 standard. With independent verification of WLID’s processes and procedures, their customers can be assured that systems are in place to keep their information secure, properly managed, and maintained.
ISO/IEC 27001:2005 is an internationally recognized standard that identifies, manages and minimizes the range of threats to which information is regularly subjected. Certification to the ISO/IEC 27001:2005 standard reinforces to customers, through an independent third-party, that Microsoft operates an Information Security Management System (ISMS) in accordance with the International Organization for Standardization (ISO).
BSI is the world’s leading certification body for management systems and helps its clients comply with best practice to achieve competitive advantage. “Microsoft Windows Live ID service is the identity and authentication system provided by Windows Live. Given that more than 380 million users have credentials that work with Windows Live ID, Microsoft is committed to establishing and maintaining the strongest security protocols in the industry,” said Mark Estberg, senior director of Online Services Security & Compliance, Global Foundation Services, Microsoft. “Through our independent, third-party audits with BSI, Microsoft has verified its security system to the highest internationally recognized standard. This certification provides confirmation that our approach to managing information security risk is comprehensive and effective, which is paramount to the WLID service.”
As part of the ISO/IEC 27001:2005 process, BSI performed on-site assessments, reviewed WLID documented procedures, and audited its overall operations, processes and procedures. To determine continued compliance with ISO/IEC 27001:2005, BSI will periodically conduct routine surveillance audits of WLID’s operations.
“For a system as extensive as our Windows Live ID service, auditing our information security management systems with all its complexities was challenging, “Estberg remarked. “
“ISO/IEC 27001:2005 certification requires an organization to follow a very rigorous set of processes and procedures. Microsoft’s commitment to protecting the information of its users is vital to the organization’s continued success,” said Todd VanderVen, President of BSI Americas. “By formalizing their documentation and processes to the exacting requirements of ISO/IEC 27001:2005, Microsoft has demonstrated its guarantee to continuously improve the quality of its security. It sets a high standard for the industry and certification by the WLID group is another validation of its dedication to their customers’ interests.”
BSI is a global independent business services organization that inspires confidence and delivers assurance to over 80,000 customers with standards-based solutions. Originating as the world’s first national standards body, BSI has over 2,300 staff operating in over 120 countries through more than 50 global offices. BSI’s key offerings are:
• The development and sale of private, national and international standards and supporting information that promote and share best practice
• Second and third-party management systems assessment and certification in all critical areas of management disciplines
• Testing and certification of services and products for Kitemark and CE marking to UK, European and International standards. BSI is a Notified Body for 15 New Approach EU Directives
• Certification of high-risk, complex medical devices
• Performance management software solutions
• Training services in support of standards implementation and business best practice.
For further information, please visit www.bsiamerica.com.