ISO 27001 is one of the best security benchmarks available across the world.
EU Model Clauses
In addition to EU Safe Harbor, Microsoft Dynamics CRM Online will sign the standard contractual clauses created by the European Union (called the "EU Model Clauses") which address international transfer of data. Request a signed copy of the EU Model Clauses from Microsoft.
HIPAA-Business Associate Agreement*
Microsoft Dynamics CRM Online will sign requirements for the Health Insurance Portability and Accountability Act-Business Associate Agreement (HIPAA-BAA) with customers upon request. HIPAA is a U.S. law that applies to healthcare entities, such as doctors' offices, which the law calls covered entities. HIPAA governs the use, disclosure, and safeguarding of protected health information (PHI) and imposes requirements on covered entities to sign business associate agreements with their vendors that use and disclose PHI. Customers need IT Admin privileges to view and sign the HIPAA-BAA.
CRM Online is committed to annual SSAE 16 / ISAE 3402 attestation. The CRM Online service and supporting infrastructure have an SSAE 16 - SOC 1 Type 2 report, which Microsoft employees can request through SOC distribution on behalf of current and prospective customers. External and third parties must be under NDA to receive a copy, due to contractual commitments with the third-party auditor.
Dynamics CRM submitted an application for FedRAMP as of 10/14/2013. We do not yet have a forecast date for when FedRAMP authorization might be granted. To learn more about the FedRAMP process, please visit the U.S. General Services Administration.