HSP Data Compliance Survey Questions - MS Azure documents and survey overview
Contracted Service Provider Notice
Use of Cloud Services for storage of client records (CSPN - 202014)
The HSP Compliance survey is for clients currently using cloud services for the storage of client records.
See below questions on the survey and the Aurora software provider answer:
What is the name of the specific cloud service being used? (e.g. Microsoft Azure, Office 365)?
Microsoft Azure
Is the specific cloud service being used a Platform as a Service (PaaS) or
Software as a Service (SaaS)?
Saas
If PaaS What assurances do you have that the cloud platform service being
used as well as the system installed on the platform is secure and configured
appropriately?
N/A
If SaaS What assurances do you have that the cloud software service you are
using is secure and configured appropriately?
Microsoft Azure platform
is certified for the storage of sensitive information, see attached Microsoft
Azure - ACSC Protected Certification Letter
Does your agreement with your cloud services provider state that the records
will be hosted on an Australian server, will not be disclosed outside
Australia, and will be encrypted to at least the equivalent of Official with a
Dissemination Limiting Marker (DLM) of Sensitive? All records are hosted within the Australian Microsoft Azure
datacentre, see attached Microsoft
Azure UDLM Certification Letter