10 Questions You Should Always Ask Your Support Service Provider

As a business with support needs, you need to be able to put your trust in your support service provider - that includes the ability to trust your provider to protect and respect your data.

Trying to decide if Microsoft is right for you? Microsoft gives you the answers you need in our Business Support Trust Center. Determine the security and trustworthiness of support services and choose a support service provider that meets your security expectations. Don’t make your decision without getting answers to these 10 key privacy and security questions:

  1. Trust: Are you transparent with the way you collect, use, and access my data?
    Microsoft’s answer: Yes. The Privacy page explains how your data is collected and what we do with that information internally.

  2. Security: How is my data protected when held by you?
    Microsoft’s answer: The Security page describes the CSS "defense in depth" approach to security.

  3. Government Intrusion: Will you voluntarily share data with Government Law Enforcement Agencies?
    Microsoft’s answer: No. The Privacy page explains how CSS handles such requests.

  4. Contractual obligation: Do you put Data Protection commitments in writing?
    Microsoft’s answer: Yes. The Regulatory page describes how CSS supports regulatory compliance and data processing agreement (DPA) that we will sign with customers.

  5. Data use: How will my data be used in your service?
    Microsoft’s answer: As described on the Data Use page, we use your data to provide the support service.

  6. Sharing: Do you share my data with Third Parties?
    Microsoft’s answer: Yes, but only with subcontractors when necessary to provide services. The Third Parties page explains our use of subcontractors and the controls we have in place to manage them.

  7. Data Location: Will you tell me where my data is stored?
    Microsoft’s answer: Yes. The Geographic Boundaries section of the Trust Center describes where we store customer data.

  8. Data Transfer: Do you comply with European Union (EU) regulations restricting the transfer of data out of certain countries or regions?
    Microsoft’s answer: Yes, the Regulatory page describes how CSS abides by the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, retention & transfer of data from the EU, and Switzerland.

  9. Advertising: Will you share my data with Third Party Advertisers?
    Microsoft’s answer: No, as described in the Data Use page Microsoft Customer Support does not share customer data with third parties for the purposes of advertising.

  10. Security: How do you ensure my data is only accessed and used by authorized resources?
    Microsoft’s answer: Microsoft has extensive controls in place. The Security page describes the approach CSS takes to control the access to and use of its systems.

Microsoft Support Services Top Trust Tenets

  1. We use customer data only to provide or improve Microsoft services.

  2. We don’t "data mine" or access your data for advertising purposes.

  3. We maintain an active training and awareness program designed to reinforce our policies on the access, use and safeguarding of customer data.

  4. We employ security across many layers. These include the network layer, the system layer, the application layer, and the physical layer, among others.

  5. We restrict physical data center access to authorized personnel and have implemented multiple layers of physical security, such as biometric readers, motion sensors, 24-hour secured access, video camera surveillance, and security breach alarms.

  6. We enable encryption of data via the network as it is transmitted between a data center and a user. We use advanced technology, including 128-bit Transport Layer Security (TLS) 1.2 Secure Sockets Layer (SSL3) encryption.

  7. We enforce password complexity to increase security of your data.

  8. We employ comprehensive antimalware software to protect customer data.

  9. We have implemented a robust business continuity management program.

  10. We are willing to contractually commit to the promises made here - for more information, visit the Regulatory page.