Commit c020b69

committed
Update
1 parent 51dea7a commit c020b69

7 files changed

+15
-17
lines changed

articles/payment-hsm/certification-compliance.md

Lines changed: 3 additions & 5 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: Azure Payment HSM certification and Compliance
3-
description: Information on Azure Payment HSM certification and Compliance
2+
title: Azure Payment HSM certification and compliance
3+
description: Information on Azure Payment HSM certification and compliance
44
services: payment-hsm
55
author: msmbaldwin
66

@@ -12,7 +12,7 @@ ms.date: 01/25/2022
1212
ms.author: mbaldwin
1313
---
1414

15-
# Certification and Compliance
15+
# Certification and compliance
1616

1717
Thales payShield 10K HSMs are certified to FIPS 140-2 Level 3 and PCI HSM v3.
1818

@@ -25,5 +25,3 @@ The Azure Payment HSM can be deployed as part of a validated PCI P2PE and PCI PI
2525
- Learn more about [Azure Payment HSM](overview.md)
2626
- See some common [deployment scenarios](deployment-scenarios.md)
2727
- Read the [frequently asked questions](faq.yml)
28-
29-

articles/payment-hsm/deployment-scenarios.md

Lines changed: 2 additions & 2 deletions
@@ -21,13 +21,13 @@ Thales doesn't provide PayShield SDK to customers, which supports HA over a clus
2121

2222
## Recommended high availability deployment
2323

24-
:::image type="content" source="./media/deployment1.png" alt-text="Architecture diagram for high availability deployment":::
24+
:::image type="content" source="./media/deployment-1.png" alt-text="Architecture diagram for high availability deployment":::
2525

2626
For High Availability, customer must allocate HSM between stamp 1 and stamp 2 (in other words, no two HSMs from same stamp)
2727

2828
## Recommended disaster recovery deployment
2929

30-
:::image type="content" source="./media/deployment2.png" alt-text="Architecture diagram for disaster recovery deployment":::
30+
:::image type="content" source="./media/deployment-2.png" alt-text="Architecture diagram for disaster recovery deployment":::
3131

3232
This scenario caters to regional-level failure. The usual strategy is to completely switch the application stack (and its HSMs), rather than trying to reach an HSM in Region 2 from application in Region 1 due to latency.
3333
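Review bot: The new source paths on lines 24 and 30 ("./media/deployment-1.png" and "./media/deployment-2.png") need matching files under media/, and this commit page shows only one binary entry (-34.9 KB, no file name displayed), so please confirm both renamed images are part of the change; otherwise the high availability and disaster recovery diagrams will not render. Separately, the context sentence on line 26 ends without a period after the closing parenthesis, which is worth fixing while this section is open.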

articles/payment-hsm/getting-started.md

Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ The HSM devices will be charged based on the service pricing page. All other Azu
3333

3434
## payShield customization considerations
3535

36-
If you are using payShield on-prem today with a custom firmware, a porting exercise is required to update the firmware to a version compatible with the Azure deployment. Please contact your Thales account manager to request a quote.
36+
If you are using payShield on-premise today with a custom firmware, a porting exercise is required to update the firmware to a version compatible with the Azure deployment. Please contact your Thales account manager to request a quote.
3737

3838
Ensure that the following information is provided:
3939
- Customization hardware platform (e.g., payShield 9000 or payShield 10K)
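Review bot: On line 36, "on-premise" is not the form the docs already use; overview.md line 26 spells it "on-premises (on-prem)", so I would write "on-premises" here to keep the set consistent. In the same sentence, "a custom firmware" reads better as "custom firmware".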
-34.9 KB
Binary file not shown.

articles/payment-hsm/overview.md

Lines changed: 9 additions & 9 deletions
@@ -1,6 +1,6 @@
11
---
22
title: What is Azure Payment HSM?
3-
description: Learn how Azure Payment HSM is an Azure service that xxx.
3+
description: Learn how Azure Payment HSM is an Azure service that provide cryptographic key operations for real-time, critical payment transactions
44
services: payment-hsm
55
author: msmbaldwin
66
tags: azure-resource-manager
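Review bot: The new description on line 3 has a subject-verb mismatch ("an Azure service that provide") and no closing period. Suggest "Learn how Azure Payment HSM is an Azure service that provides cryptographic key operations for real-time, critical payment transactions." It is good that the "xxx" placeholder is gone, but this string is front matter, so the grammar should be clean before merge.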
@@ -19,13 +19,13 @@ Azure Payment HSM Service is a "BareMetal" service delivered using [Thales paySh
1919

2020
Payment HSMs are provisioned and connected directly to users' virtual network, and HSMs are under users' sole administration control. HSMs can be easily provisioned as a pair of devices and configured for high availability. Users of the service utilize [Thales payShield Manager](https://cpl.thalesgroup.com/encryption/hardware-security-modules/payment-hsms/payshield-manager) for secure remote access to the HSMs as part of their Azure-based subscription. Multiple subscription options are available to satisfy a broad range of performance and multiple application requirements that can be upgraded quickly in line with end-user business growth. Azure payment HSM service offers highest performance level 2500 CPS.
2121

22-
Azure Payment HSM a highly specialized service. Therefore, we recommend that you fully understand the key concepts, including [pricing](https://azure.microsoft.com/services/azure-payment-hsm/) and [support](getting-started.md#support).
22+
Azure Payment HSM a highly specialized service. Therefore, we recommend that you fully understand the key concepts, including [pricing](https://azure.microsoft.com/services/azure-payment-hsm/) and [support](getting-started.md#support).
2323

2424
## Why use Azure Payment HSM?
2525

26-
Momentum is building as financial institutions move some or all of their payment applications to the cloud. This entails a migration from the legacy on-premises (on-prem) applications and HSMs to a cloud-based infrastructure that isn't generally under their direct control. Often it means a subscription service rather than perpetual ownership of physical equipment and software. Corporate initiatives for efficiency and a scaled-down physical presence are the drivers for this. Conversely, with cloud-native organizations, the adoption of cloud-first without any on-prem presence is their fundamental business model. Whatever the reason, end users of a cloud-based payment infrastructure expect reduced IT complexity, streamlined security compliance, and flexibility to scale their solution seamlessly as their business grows.
26+
Momentum is building as financial institutions move some or all of their payment applications to the cloud. This entails a migration from the legacy on-premises (on-prem) applications and HSMs to a cloud-based infrastructure that isn't generally under their direct control. Often it means a subscription service rather than perpetual ownership of physical equipment and software. Corporate initiatives for efficiency and a scaled-down physical presence are the drivers for this. Conversely, with cloud-native organizations, the adoption of cloud-first without any on-premise presence is their fundamental business model. Whatever the reason, end users of a cloud-based payment infrastructure expect reduced IT complexity, streamlined security compliance, and flexibility to scale their solution seamlessly as their business grows.
2727

28-
The cloud offers significant benefits, but challenges when migrating a legacy on-prem payment application (involving payment HSMs) to the cloud must be addressed. Some of these are:
28+
The cloud offers significant benefits, but challenges when migrating a legacy on-premise payment application (involving payment HSMs) to the cloud must be addressed. Some of these are:
2929

3030
- Shared responsibility and trust – what potential loss of control in some areas is acceptable?
3131
- Latency – how can an efficient, high-performance link between the application and HSM be achieved?
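Review bot: Line 22 reads "Azure Payment HSM a highly specialized service" on both the removed and the added side, so the missing verb survives this change; since the line is being touched anyway, make it "Azure Payment HSM is a highly specialized service." Line 26 also now mixes "on-premises (on-prem)" with "on-premise" within one paragraph, and line 28 uses "on-premise" as well; I would use "on-premises" throughout.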
@@ -40,11 +40,11 @@ End users of the service can leverage Microsoft security and compliance investme
4040

4141
### Customer-managed HSM in Azure
4242

43-
The Azure Payment HSM is a part of a subscription service that offers single-tenant HSMs for the service customer to have complete administrative control and exclusive access to the HSM. The customer could be a payment service provider acting on behalf of multiple financial institutions or a financial institution that wishes to directly access the Azure Payment HSM service. Once the HSM is allocated to a customer, Microsoft has no access to customer data. Likewise, when the HSM is no longer required, customer data is zeroized and erased as soon as the HSM is released to ensure complete privacy and security is maintained. The customer is responsible for ensuring sufficient HSM subscriptions are active to meet their requirements for backup, disaster recovery, and resilience to achieve the same performance available on their on-prem HSMs.
43+
The Azure Payment HSM is a part of a subscription service that offers single-tenant HSMs for the service customer to have complete administrative control and exclusive access to the HSM. The customer could be a payment service provider acting on behalf of multiple financial institutions or a financial institution that wishes to directly access the Azure Payment HSM service. Once the HSM is allocated to a customer, Microsoft has no access to customer data. Likewise, when the HSM is no longer required, customer data is zeroized and erased as soon as the HSM is released to ensure complete privacy and security is maintained. The customer is responsible for ensuring sufficient HSM subscriptions are active to meet their requirements for backup, disaster recovery, and resilience to achieve the same performance available on their on-premise HSMs.
4444

4545
### Accelerate digital transformation and innovation in cloud
4646

47-
For existing Thales payShield customers wishing to add a cloud option, the Azure Payment HSM solution offers native access to a payment HSM in Azure for "lift and shift" while still experiencing the low latency they're accustomed to via their on-prem payShield HSMs. The solution also offers high-performance transactions for mission-critical payment applications. Consequently, customers can continue their digital transformation strategy by leveraging technology innovation in the cloud. Existing Thales payShield customers can utilize their existing remote management solutions (payShield Manager and payShield TMD together with associated smart card readers and smart cards as appropriate) to work with the Azure Payment HSM service. Customers new to payShield can source the hardware accessories from Thales or one of its partners before deploying their HSM as part of the subscription service.
47+
For existing Thales payShield customers wishing to add a cloud option, the Azure Payment HSM solution offers native access to a payment HSM in Azure for "lift and shift" while still experiencing the low latency they're accustomed to via their on-premise payShield HSMs. The solution also offers high-performance transactions for mission-critical payment applications. Consequently, customers can continue their digital transformation strategy by leveraging technology innovation in the cloud. Existing Thales payShield customers can utilize their existing remote management solutions (payShield Manager and payShield TMD together with associated smart card readers and smart cards as appropriate) to work with the Azure Payment HSM service. Customers new to payShield can source the hardware accessories from Thales or one of its partners before deploying their HSM as part of the subscription service.
4848

4949
## Typical use cases
5050

@@ -74,17 +74,17 @@ Sensitive data protection
7474

7575
## Suitable for both existing and new payment HSM users
7676

77-
The solution provides clear benefits for both Payment HSM users with a legacy on-prem HSM footprint and those new payment ecosystem entrants with no legacy infrastructure to support and who may choose a cloud-native approach from the outset.
77+
The solution provides clear benefits for both Payment HSM users with a legacy on-premise HSM footprint and those new payment ecosystem entrants with no legacy infrastructure to support and who may choose a cloud-native approach from the outset.
7878

79-
Benefits for existing on-prem HSM users
79+
Benefits for existing on-premise HSM users
8080
- Requires no modifications to payment applications or HSM software to migrate existing applications to the Azure solution
8181
- Enables more flexibility and efficiency in HSM utilization
8282
- Simplifies HSM sharing between multiple teams, geographically dispersed
8383
- Reduces physical HSM footprint in their legacy data centers
8484
- Improves cash flow for new projects
8585

8686
Benefits for new payment participants
87-
- Avoids introduction of on-prem HSM infrastructure
87+
- Avoids introduction of on-premise HSM infrastructure
8888
- Lowers upfront investment via the Azure subscription model
8989
- Offers access to latest certified hardware and software on-demand
9090
