ISO 22301:2012 Business Continuity Management Standard

Microsoft is certified for its implementation of these business continuity management standards.

Microsoft and ISO 22301

Microsoft is the first hyperscale cloud service provider to receive the ISO 22301 certification for business continuity management. An independent certification body awarded this certification to Microsoft Azure, Microsoft Azure Government, Microsoft Cloud App Security, Microsoft Intune, and Microsoft Power BI after a stringent audit covering all aspects of their business continuity processes. The audit covered the in-scope services listed below as well as Azure management features, the Azure Portal, and the systems used to monitor, operate, and update the in-scope services.

Learn about the benefits of ISO/IEC 22301 on the Microsoft Cloud.

Download the ISO/IEC 22301 backgrounder

Microsoft in-scope cloud services

  • Azure and Azure Government detailed list
  • Cloud App Security
  • Genomics
  • Graph
  • Intune
  • Microsoft Flow cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
  • PowerApps cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
  • Power BI cloud service either as a standalone service or as included in an Office 365 branded plan or suite

ISO 22301 Overview

The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. The ISO formed the TC 223 Societal Security technical committee to develop standards for protecting society, including organizations, in the event of catastrophe such as a natural disaster, major terrorist attack, or shutdown of power grids.

Published in 2012 by the technical committee, ISO 22301:2012 is the first international standard for management systems that help ensure business continuity. ISO 22301 is the premium standard for business continuity, and certification demonstrates conformance to rigorous practices to prevent, mitigate, respond to, and recover from disruptive incidents.

female working on laptop with male colleague looking at her screen
female working on laptop with male colleague looking at her screen

Assess your GDPR compliance

Find out if your organization meets personal data protection requirements. Take our quick, interactive 10-question evaluation to assess your readiness to comply with the GDPR today.

Take the assessment

Frequently asked questions

Expand all

ISO 22301 is a certification used by enterprises and governmental organization to show their commitment to serving their customers by achieving the highest available international standard for business continuity management. ISO 22301 is a comprehensive standard which demonstrates the highest level of commitment to business continuity and disaster preparedness.

The Service Trust Portal provides independently audited compliance reports, so that your auditors can compare Microsoft's cloud services results with your own legal and regulatory requirements.

Yes. If your business requires ISO 22301 certification for implementations deployed on Microsoft services, you can use the Azure certification in your compliance assessment. You are responsible, however, for engaging an assessor to evaluate the controls, processes, and implementation for ISO 22301 compliance within your own organization and for your own applications.

Recommended Resources