Hi Zena,
Thank you for your follow-up!
I know the SDL and the compliance documents regarding cloud security. But these only cover parts of our requirements. For example, we have to classify our suppliers according to risk into different categories. This means that we have to check if our suppliers fulfill certain requirements. For example, do they hold a certification according to ISO 9001 or ISO 13485? If they have a Quality Management System which is not certified, and they provide us with products or services critical for the safety of patients, we have to audit them to evaluate if the QMS is capable of controlling the supply of secure products or services.
Currently we are implementing NAV 2017, cloud-based in a private Azure cloud. (Don't ask me why version 2017 and not 2018 or 365...) Regarding the Azure cloud I have all the documents I need. But as NAV 2017 is handling all our distribution data (that is, what product is delivered to which hospital), we have to validate the system (at least the cGMP-relevant parts). And we have to audit the supplier (that is, the supplier of NAV 2017), if the supplier does not hold a valid QMS certificate. That is the reason why I asked for more information about the certification status. There are ISO 9001 certificates available for some Microsoft product lines, but none for Microsoft as a whole corporation?
Truly yours,
Wolf