To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft offers the most comprehensive set of certifications and attestations of any cloud service provider.
Azure and Office 365 operated by 21Vianet have been rated at Level 3 Classification by the evaluation organizations authorized by the Ministry of Public Security (MPS) for GB/T 22239-2008. Registration certifications are issued to both services.
Microsoft Azure operated by 21Vianet adheres to Multi-Level Protection Scheme, a Chinese state cloud security standard issued by the Ministry of Public Security.Learn more (Chinese)
Our Cloud Security Alliance (CSA) STAR Self-Assessment details how Microsoft cloud services fulfill the security, privacy, compliance, and risk management requirements defined in the CSA Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questionnaire (CAIQ).
FedRAMP is mandatory for cloud services used by U.S. federal agencies. Azure maintains a FedRAMP P-ATO at the Moderate Impact Level, and Azure Government has received a P-ATO at the High Impact Level. Dynamics CRM Online Government, Office 365 and Office 365 U.S. Government have received FedRAMP ATOs at the Moderate Impact Level.
Microsoft was the first global CSP to receive MTCS 584:2013 certification across all three MTCS security levels. Furthermore, Microsoft Azure services (IaaS and PaaS) and Microsoft Office 365 services (SaaS) were certified at Level 3 and Microsoft Dynamics CRM Online services (SaaS) were certified at Level 2.
Service Organization Controls (SOC) are a series of accounting standards that measure the control of financial information for a service organization. Azure’s SOC 1 and SOC 2 Type 2 audit reports attest to the effectiveness of the design and operation of its security controls.