Microsoft made changes to its Microsoft Partner Program to include third party validation of security credentials for Security Solutions Competency compliance. The company also added two new specializations to the program.

Microsoft will now work with  Information Systems Audit and Control Association (ISACA) and Information Systems Security Certification Consortium - (ISC)2 - both of which offer certification programs that can now be used to validate competency for participation in Microsoft's new Security Management and Infrastructure Security specializations. The Security Management specialization is for those who focus on delivering services such as security policy, compliance, risk assessment and management and auditing. As the name implies, the Infrastructure Security specialization is focused on the technical aspects of an infrastructure.

"We’ve changed our own requirements to include \[ISACA and (ISC)2 \] certifications and extended upon what they have built: Standards and methodologies for solving industry security issues and providing guidance to help customers secure their IT infrastructure," said Thomas Dawkins, group product manager and Microsoft security partner program strategist. "This provides a unique situation where we’re increasing the level of expertise needed in the marketplace. At the same time it expands the availability and relevance of our program for our partners in the information security industry."

ISACA's Certified Information Systems Auditor (CISA) has been earned by more than 40,000 people worldwide since 1978, and the association's Certified Information Security Manager (CISM) certification has been earned by more than 5,200 people worldwide. The Certified Information Systems Security Professional (CISSP) certification from (ISC)is widely recognized, as is the consortium's Systems Security Certified Practitioner (SSCP) certification.

 “(ISC)2 and ISACA are worldwide organizations that are primarily focused on standards,” said Jeff Aliber of Unisys Corp. “The industry has rallied around these organizations to define the appropriate backgrounds and skills required for security certification."

“Increasingly, organizations worldwide are recognizing that infrastructure cannot be secured through technology solutions alone. Educated and knowledgeable security professionals are vital to protecting any organization’s information assets," said Rolf Moulton, president and interim CEO of (ISC)².

Dawkins said the newly revised Security Solutions Competency is a direct response to recommendations made by industry partners, analysts, field sales staff and others, all of whom  made specific recommendations on ways to make the program more useful.