All SQL Azure installations are managed in Microsoft Secure datacenters. Physical security is extremely strict. Systems used for Azure never leave the Microsoft datacenters. Failed storage media and old retired devices are destroyed on-site. Most administrative functions are automated and database level access is limited to very few people. Administrative access is controlled and audited. We only access debugging traces by customer requests. Are there specific security standards you are interested in that we should comply with?