Professional Documents
Culture Documents
Azure Dynamics CRM Intune Office 365 Dynamics CRM Office 365
Online Online Government U.S. Government
BSI case study The international acceptance and applicability of ISO/IEC 27001one of the
Microsoft Sets a High Bar for most widely recognized certifications for a cloud serviceis a key reason
Information Security why certification to this standard is a foundation of Microsofts approach to
pages.bsigroup.com/l/73472/
information security. In 2009, the company received its first ISO/IEC 27001
2015-07-24/v9btr
certification for Microsoft Cloud Infrastructure and Operations (formerly
Microsoft Online Services Terms Global Foundation Services), which provides datacenters and networking
aka.ms/Online-Services-Terms for Microsoft cloud services. Currently, Microsofts cloud infrastructure and
solutions are audited once a year for ISO/IEC 27001 compliance by the
Microsoft Cloud for Government British Standards Institution (BSI), an accredited certification body, providing
aka.ms/govt-cloud
independent validation that Microsoft has implemented security controls
Microsoft Cloud Trust Center end-to-end.
www.microsoft.com/trustcenter
In addition, Microsofts cloud services were the first to adopt ISO/IEC
For more information 27018:2014, the first international code of practice for cloud privacy. This
Customers: Contact your extension of the ISO 27001 standard sets a uniform international approach
Microsoft account representative.
to protecting the privacy of personal data in the cloud, and governs the
Potential customers: Go to handling of personally identifiable information (PII) by cloud services
support.microsoft.com/contactus. providers acting as PII processors.
Frequently asked questions
Q. Why is compliance with ISO/IEC 27001 important?
Compliance with these standards, confirmed by an accredited auditor, demonstrates that
Microsoft uses internationally recognized processes and best practices to manage the
infrastructure and organization that support and deliver its cloud services. The certificate
validates that Microsoft has implemented the guidelines and general principles for initiating,
implementing, maintaining, and improving the management of information security.
Q. Where can I get the ISO/IEC 27001 audit reports and scope statements for Microsoft cloud
services?
To request copies, customers can contact their Microsoft account representative; potential
customers can go to support.microsoft.com/contactus.
Microsoft Dynamics CRM Online and Microsoft Dynamics CRM Online Government.
Microsoft Intune.
Microsoft Office 365 and Microsoft Office 365 U.S. Government: Exchange Online,
Exchange Online Archiving, Exchange Online Protection, Advanced Threat Protection,
SharePoint Online, OneDrive for Business, Project Online, Skype for Business Online,
Office Online, and Yammer.