Azure, Cloud Native, Security
Tuesday March 21, 2023
Microsoft announced today that it has successfully achieved the Cloud Data Management Capabilities (CDMC) 14 Key Controls and Automations certification. This means that Microsoft is now even better suited to bringing sensitive data securely to the cloud. Conducted by Accenture and Avanade, the certification demonstrates Microsoft’s commitment to providing comprehensive CDMC cloud data management automations and controls to increase trust in the cloud.
The 14 key controls at a glance:
Governance and Accountability
- Monitor compliance with data security policies for any data containing sensitive information through metrics and automated alerts.
- The owner field in a record must be populated for all sensitive data or otherwise reported to a defined workflow.
- A registry of authoritative data sources and mount points must be populated for all records containing sensitive data.
- Data sovereignty and the cross-border data exchange of sensitive data must be recorded, traceable and controlled in accordance with defined guidelines.
Cataloging and Classification
- Cataloging must be automated for all data as soon as it is created or imported, with a consistent application across all environments.
- Classification must be automated for all data as soon as it is created or imported and always enabled.
Accessibility and Use
- Access permissions for sensitive data must be set by default for the creator and owner, and access must be tracked for all sensitive data.
- The purpose of data use must be stated for all data sharing agreements containing sensitive data.
Protection and Privacy
- Appropriate security controls must be activated for sensitive data and evidence must be recorded.
- Data protection impact assessments must be triggered automatically for all personal data according to their responsibility.
Data Lifecycle
- Data quality measurement must be enabled for sensitive data, and metrics must be distributed when they are available.
- Data retention, archiving and deletion must be managed according to a defined retention schedule.
Data and Technical Architecture
- Data lineage information must be available for all sensitive data.
- Cost metrics directly related to data usage, storage, and movement must be available in the catalog.