Microsoft and ISO/IEC 27001
The international acceptance and applicability of ISO/IEC 27001 is the key reason why certification to this standard is at the forefront of Microsoft’s approach to implementing and managing information security. Microsoft’s achievement of ISO/IEC 27001 certification underscores its commitment to making good on customer promises from a business and security compliance standpoint. Currently, both Azure Public and Azure Germany are audited once a year for ISO/IEC 27001 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively.
Learn about the benefits of ISO/IEC 27001 on the Microsoft Cloud.
Download the ISO/IEC 27001:2013 information security management standards
Microsoft in-scope cloud services
Audits, Reports and certificates
Audit cycle: Microsoft cloud services are audited at least annually against the ISO 27001:2013 standard.
ISO/IEC 27001 overview
The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. The International Electrotechnical Commission (IEC) is the world’s leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies.
Published under the joint ISO/IEC subcommittee, the ISO/IEC 27000 family of standards outlines hundreds of controls and control mechanisms to help organizations of all types and sizes keep information assets secure. These global standards provide a framework for policies and procedures that include all legal, physical, and technical controls involved in an organization’s information risk management processes.
ISO/IEC 27001 is a security standard that formally specifies an Information Security Management System (ISMS) that is intended to bring information security under explicit management control. As a formal specification, it mandates requirements that define how to implement, monitor, maintain, and continually improve the ISMS. It also prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures. Certification to ISO/IEC 27001 helps organizations comply with numerous regulatory and legal requirements that relate to the security of information.
Frequently asked questions
Recommended Resources
Featured Resources
- Mapping Microsoft Cyber Offerings to: NIST Cybersecurity (CSF), CIS Controls and ISO 27001:2013 Frameworks
- The ISO/IEC 27000 Directory
- ISO/IEC 27001:2013 standard (for purchase)
- Microsoft sets a high bar for information security (BSI case study)
- Microsoft Common Controls Hub Compliance Framework
- Microsoft Online Services Terms
- Microsoft Cloud for Government