# Audiology Product Data Security - Auditdata > In order to ensure trustworthy relationships with customers and partners, Auditdata maintains and continuously improve its ISMS in accordance with the Auditdata Information Security Policy. ![Product Data Security9](https://www.auditdata.com/media/tqdb4fr0/product-data-security9.png) Security is essential ## The context of the Auditdata business operation is Healthcare in both private and public sectors in worldwide markets. Providing medical device products and services including processing of sensitive personal data in development, operations and customer support set high demands on the organization’s information security capabilities. Information Security Management System In order to ensure trustworthy relationships with Customers and Partners, Auditdata maintains and continuously improve its ISMS – Information Security Management System in accordance with the Auditdata Information Security Policy. The ISMS is a management system, ensuring the implementation, maintenance, and ongoing improvement of the information security management within the organisation. The ISMS is the mechanism ensuring an effective organisational and technical security controls operation. The Auditdata ISMS is certified in accordance with ISO/IEC 27001:2013 a broad international information security standard. The ISO/IEC 27001:2013 certificate validates that Auditdata has implemented the internationally recognised information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization. ![DNV GL Logo2](https://www.auditdata.com/media/epmh2wzx/dnv-gl-logo2.svg) Microsoft Windows Azure Auditdata’s Audiology Office Management System Strato is developed using the Microsoft Windows Azure technology in accordance with the Auditdata product development processes compliant and certified with key industry standards such as ISO/IEC 27001:2013 Information Security Management System and ISO/IEC 13485 Quality Management Systems for Medical Devices. The Strato service is operated by the Auditdata’s Cloud Operations unit included in the ISO 27001 certificate scope by April 2013. Strato runs in the Microsoft Windows Azure data centers managed and operated by [Microsoft Global Foundation Services](https://azure.microsoft.com/en-us/?ocid=cloudplat_hp) (GFS). These geographically dispersed data centers also comply with key industry standards, such as ISO/IEC 27001:2013, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff that have years of experience in delivering the world’s largest online services with 24 x 7 continuity. In addition to datacenter, network, and personnel security practices, Windows Azure incorporates security practices at the application and platform layers to enhance security for application developers and service administrators. ![Windows Azure Logo Png 15 (1)](https://www.auditdata.com/media/tpuhipd0/windows-azure-logo-png-15.png) Data Location ## Microsoft Datacenters Microsoft datacenters are located within three major geographic regions: Asia, Europe and United States. The specific region is selected by the Auditdata Cloud Operations unit, based on the geographical location of the customer, to support compliance with national or regional data protection legislation. Microsoft will not transfer Customer Data outside the major geographic region(s) customer specifies (for example, from Europe to U.S. or from U.S. to Asia) except where necessary for Microsoft to provide customer support, troubleshoot the service, or comply with legal requirements; or where Auditdata’s Cloud Operations unit configures the account to enable such transfer of Customer Data. Auditdata does not control or limit the regions from which customers or their end users may access Customer Data. See the E.U. Data Protection Directive section below for information on the regulatory framework under which Auditdata transfers data. For detailed information on Microsoft Windows Azure location of customer data, please see Windows Azure Trust Center ## Customer Data and Other Data Types Customer Data is all the data, including all text, sound, software or image files that an Auditdata Customer provides, or is provided on the customers behalf, to Auditdata through your use of the Services. For example, Customer Data includes data that you upload for storage or processing in the Services. It does not include configuration or technical settings and information. Customer Data includes sensitive personal data. Strato is designed specifically for secure and safe handling of sensitive personal data, and meets legal requirements on encryption and secure handling of sensitive personal data during processing (transfer, in-memory and at rest). Administrator Data is the information about administrators (including account contact and subscription administrators) provided during sign-up, purchase, or administration of the Services, such as name, address, phone number, and e-mail address. Access Control Data is used to manage access to other types of data or functions within Service. It includes passwords, security certificates, and other authentication-related data. Risk Assessment Auditdata’s selection of Cloud provider is accompanied by a comprehensive Cloud Computing Service Provider Risk Assessment, in accordance with the [ENISA Cloud Computing Risk Assessment Check List](https://www.auditdata.com/security-and-compliance/security/strato-security) (European Network and Information Security Agency) in line with the recommendations of [the Danish Data Protection Agency](https://www.datatilsynet.dk/english/) (Datatilsynet), for cloud based processing of sensitive personal data. To support Auditdata customers in the security evaluation of the Strato service, Auditdata has created a white paper to outline how essential Strato information security controls map to the ISO 27001 security controls providing customers with in-depth information on Auditdata security policies and procedures. The white paper is available on request at compliance@auditdata.com. To learn more about the compliance capabilities of Microsoft Windows Azure, please visit [Windows Azure Trust Center](https://azure.microsoft.com/en-us/overview/trusted-cloud/).