A logo represent compliance

ISO/IEC 20000-1:2011 Information Technology Service Management

Microsoft is certified for its implementation of these service management standards.

Microsoft and ISO/IEC 20000-1:2011

Obtaining the ISO 20000-1:2011 certification is a logical step for Microsoft Azure. We lead the industry with the most comprehensive compliance coverage, enabling customers to meet a wide range of regulatory obligations. The ISO 20000-1 certification complements our current catalog of ISO certifications including ISO 27001:2013 and ISO 9001:2015 which validate that a process of continual improvement is in place helping Microsoft Azure deliver a secure and reliable cloud service platform for our customers.

An independent third-party auditing firm performed a rigorous examination of Microsoft Azure and several Microsoft online services for adherence to the requirements established in the ISO 20000-1:2011 standard. The available ISO 20000-1 certificate demonstrates that Azure and covered Microsoft online services have implemented the right IT service management procedures to deliver efficient and reliable IT services that are subject to regular monitoring, review, and improvement.

Microsoft in-scope cloud services

  • Azure and Azure Government detailed list
  • Cloud App Security
  • Intune
  • Microsoft PowerApps
  • Microsoft Flow
  • Microsoft Graph
  • Microsoft Genomics
  • Office 365 Operated by 21Vianet
  • Power BI

Audits, Reports and certificates

2017 ISO 20000-1 documentation for Azure, Intune, Power BI, Cloud App Security, Microsoft PowerApps, Microsoft Flow, Microsoft Graph, Microsoft Genomics and Microsoft Datacenters

ISO/IEC 20000-1:2011 overview

The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. The International Electrotechnical Commission (IEC) is the world’s leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies.

Published under the joint ISO/IEC subcommittee in 2005 and revised in 2011, ISO 20000-1:2011 was designed to be an international standard for the establishment, implementation, operation, monitoring and review of an Information Technology Service Management System (SMS). It is the only standard in the ISO 20000 family that results in a formal certification. The standard is based on requirements for designing, transitioning, delivering and improving services to fulfil agreed service requirements and to provide value to both customers and service providers. ISO 20000-1 helps organizations provide assurance to customers that their service requirements will be fulfilled.

female working on laptop with male colleague looking at her screen
female working on laptop with male colleague looking at her screen

Assess your GDPR compliance

Find out if your organization meets personal data protection requirements. Take our quick, interactive 10-question evaluation to assess your readiness to comply with the GDPR today.

Take the assessment

Frequently asked questions

Expand all

The Service Trust Portal provides independently audited compliance reports. You can use the portal to request reports so that your auditors can compare Microsoft's cloud services results with your own legal and regulatory requirements. The FY17 Microsoft Azure ISO 20000-1 Assessment Report and the FY17 Microsoft Azure ISO 20000-1 Certificate are both available.

Yes. The ISO 20000-1:2011 annual assessment includes the underlying physical infrastructure datacenter. Please review the certificate for the coverage details.

You can download the ISO 20000-1:2011 certificate for Azure and additional services that are in scope of this assessment.

Yes. If your business is seeking certification for implementations deployed on in-scope services, you can use the relevant Microsoft certifications in your compliance assessment. However, you are responsible for engaging an assessor to evaluate your implementation for compliance, and for the controls and processes within your own organization.