How Secure is Microsoft Dynamics CRM Online?

The words “cloud” and “online” can generate a considerable amount of consternation for some people who worry about the security of data stored in those systems. Customers of xRM.com frequently ask us the same question: How secure is Microsoft Dynamics CRM Online? The people that ask this question aren’t luddites. They have legitimate concerns about the security of their data in online systems.

Microsoft is the largest software company in the world, and it has put its considerable resources into ensuring that Dynamics CRM meets the strictest security standards in the world. Back in August of 2012, we wrote about the appearance of Microsoft Dynamics CRM Online on the Security, Assurance & Trust Registry created by the Cloud Security Alliance. At the time, CRM Online was one of only 1% of cloud-based solutions that had met the requirements and registered. To this day, it remains the only online CRM solution on the registry.

In addition to joining the STAR registry, Microsoft has ensured that CRM Online continues to meet the strictest security requirements:

Certified for ISO 27001

The ISO 27001 standard, created in 2005, is the standard for Information Security Management Systems (ISMS) for any kind of organization, large or small, for-profit or non-profit. ISO 27001 specifies requirements for the “establishing, implementing, monitoring, reviewing, maintaining, and improving a documented Information Security Management System.” The BSI (the organization that certifies ISO compliance) regularly audits Microsoft to ensure that CRM Online meets the ISO 27001 standards for information security.

CSA Cloud Controls Matrix

The Cloud Security Alliance Cloud Controls Matrix provides a framework of security principles designed to help cloud service providers ensure that their services offer the highest level of security. The matrix also provides customers with a way to evaluate the security practices of the cloud service providers whose services the customers are investigating.

Click here to read how Microsoft meets the security, compliance, and risk management requirements of the Cloud Control Matrix.

Safe Harbor

The European Union, which has stricter privacy rules than the United States, created the Safe Harbor requirements in 2001 to govern the transfer of personally-identifiable information out of the EU countries. Companies that wish to do business with EU customers must abide by the Safe Harbor standards. Microsoft recertifies its Safe Harbor compliance every twelve months.

EU Model Clauses

Microsoft has also made a major commitment to follow the requirements of the EU Model Clauses, which govern the transfer of personal data of residents of the European Union to locations outside the EU. Organizations that deal with the personal data of EU residents must make sure that their cloud service providers understand and abide by the conditions of the EU Model Clauses. Microsoft will also back its commitment with a signed contract. While the EU sets a high standard for the security of transmitted data, you don’t have to be an EU citizen to benefit from the EU Model Clauses.

If you are considering a cloud-based CRM solution, please visit xRM.com to learn more about Microsoft Dynamics CRM. xRM has a variety of resources including Microsoft Dynamics CRM Online webinars and a self-help video library devoted to Dynamics CRM called the Success Portal.