Perform a risk assessment and assess the compliance of Microsoft cloud services

  • Are you assessing the risk to your organization of a move to the cloud, the purchase of cloud services, or your deployment of Microsoft cloud services?
  • Are you performing a risk assessment of the Microsoft cloud services you use, either because you are renewing your contract or as part of a mandated periodic review?

If so, you’ll find information here to help you assess that risk—audit reports, security assessment documents, in-depth details of how we implement and test security and privacy controls, FAQs, technical white papers, and other such information.

How Microsoft cloud services comply with global standards and requirements

To help your organization comply with national, regional, and industry-specific requirements governing the collection and use of customer data, Microsoft offers the most comprehensive set of compliance offerings of any cloud service provider.

Microsoft business cloud services operate with a cloud control framework, which aligns controls with multiple regulatory standards. We design and build our cloud services using a common set of controls, which streamlines compliance across a range of regulations not only for today, but for tomorrow as well. Then we engage independent auditors to perform in-depth audits of the implementation and effectiveness of these controls.

Learn how Microsoft cloud services have implemented security and privacy controls, and how third-party auditors have tested them.

SOC 1 Type 2 reports

ISO/IEC 27001 and ISO/IEC 27018 audit reports

Security assessment reports

Office 365 audit-related info

How you can manage data security and compliance

Microsoft employs a risk-management model of shared responsibility with the customer:

  • Microsoft is responsible for the platform including services offered, and seeks to provide a cloud service that can meet the security, privacy, and compliance needs of your organization.
  • As a customer, you are responsible for the environment once the service has been provisioned. You must identify which controls apply to your business, and understand how to implement and configure them to manage security and compliance with applicable regulatory requirements.

Microsoft offers implementation guidance to help you accomplish these tasks and better manage the risk.

Azure

Office 365

Dynamics 365

Specific implementations

Contact Trust Center

Need help evaluating our products? Can’t find the information you need?

Looking for general technical support?

Contact Microsoft support