Office 365 helps customers with IRS 1075 regulatory compliance


With government agencies increasing investments in the cloud comes the need for solutions that are security-enhanced and scalable. That’s why, given October’s designation as National Cyber Security Awareness month, it’s a good time for us to assess the current landscape and work together with state and local government leaders to ensure they have the information and capabilities to help effectively manage sensitive citizen data.

Today, as part of an @Microsoft seminar series, at our Washington, D.C. office that looks at top policy and regulatory issues, I joined an esteemed panel of security experts to address the unique challenges facing departments and agencies and to look at the range of resources available to help them perform their mission. As part of our discussion, we focused heavily on security compliance and announced the latest installment of Microsoft’s compliance commitment: With Office 365 for Government, Microsoft is able to support customer compliance with IRS 1075. IRS 1075 provides guidance to ensure that the policies, practices, controls, and safeguards employed by recipient agencies adequately protect the confidentiality of Federal Tax Information (FTI) and related financial tax return data.

Consumers know far too well that the landscape of security protection needs constant and consistent reinforcement. That’s why we’ve been working with government for some time to ensure that our cloud offerings meet some of the highest standards. When it comes to keeping taxpayer data secure and private, this encompasses hundreds of security and privacy control requirements across multiple standards to ensure protection across the spectrum of application, platform, and data center services. For instance, IRS 1075 even prioritizes security around data center activity, including employee activity with the data, oversight of data center contractors, ensuring limited entry, and working within the IRS Safeguard review process.

Microsoft Office 365—through a comprehensive approach to compliance with industry standards and regulations—is able to address such stringent requirements of IRS 1075 and our cloud team will continue to work closely with the IRS Safeguards team. Through this process of working with our customers, we have built controls that are used by Office 365 teams to design, build, and run the service. Today we have over 1,000 such security and privacy controls in Office 365 that address various standards and regulations. This ability to support a broad scope of control and regulatory requirements has enabled us to meet some of the most stringent requirements. Signing up for those same requirements means we are doing our part to help them protect their data, whether it be IRS 1075 for financial data, CJIS for law enforcement, FERPA for education, or HIPAA for healthcare. You can see our documented list here.

Microsoft continues to be committed to deliver industry-leading cloud solutions that support our customers’ compliance needs with an evolving set of US and international government regulatory standards. To learn more about Office 365 security, privacy, and compliance, please visit the Office 365 Trust Center.

Have a comment or opinion on this post? Let me know @Microsoft_Gov. Or e-mail us at

Michael Donlan | Vice President, U.S. State and Local Government Microsoft Corp.