This article is for informational purposes only. The information contained in this article must not be construed as legal advice. You must seek your own legal counsel for advice on compliance with regulatory requirements impacting your organisation.
Anyone who collects and stores data has a duty of care to ensure that any sensitive, personal or private data is stored securely.
SPORTSGROUND LTD MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS ARTICLE.
This article is intended for IT decision makers, and provides information about how the Sporty.co.nz platform uses Microsoft Azure to help address compliance, security and privacy requirements.
The Sporty platform is fully hosted with Microsoft Azure, a trusted cloud-based platform that provides the benefits of cloud computing.
Azure is designed, built, operated and independently certified to enable government agencies to meet the security and privacy requirements established by three key New Zealand information security and privacy mechanisms: the Protective Security Requirements, the NZ government Cloud Computing Risk & Assurance Framework and the Privacy Act 2020.
Azure provides multiple levels of security, including:
- Physical protection of data centre locations to protect against physical intrusion, power failure, and network outages
- Encryption to protect data in transit and at rest
- Extensive monitoring, logging and threat detection
Microsoft designs and operates Azure using security best practices, which are embodied in programs such as the Microsoft Security Development Lifecycle (SDL), Microsoft Operational Security Assurance (OSA), and an “assume breach” strategy. Together, these programs and strategies help ensure that Azure is resilient to attack. Microsoft operates Azure in accordance with internationally recognised standards such as ISO 27001 and ISO 27018.
Should customers have concerns over data sovereignty, Azure provides complete control over where their data lives by allowing them to choose from a large global network of data centre regions across Asia, the Americas, and Europe. Microsoft does not provide any third party with direct or unfettered access to customer data, and always attempts to redirect government requests for data to the customer. Additionally, tenant isolation and strict access controls help ensure that only customers can access their data by default.
Although Azure addresses the compliance, security, and privacy requirements that New Zealand identifies, some requirements are the responsibility of the customer, such as controlling administrator passwords, and it is important for customers to understand the shared responsibilities associated with Azure.
Find more information regarding Microsoft Azure Compliance in the context of New Zealand Security and Privacy Requirements here.
Related Sporty support article: recommendation to use HTTPS.