Microsoft cloud services compliance and risk assessment
Perform a risk assessment and assess the compliance of Microsoft cloud services
Are you assessing the risk to your organization of a move to the cloud, the purchase of cloud services, or your deployment of Microsoft cloud services?
Are you performing a risk assessment of the Microsoft cloud services you use, either because you are renewing your contract or as part of a mandated periodic review?
If so, you’ll find information here to help you assess that risk—audit reports, security assessment documents, in-depth details of how we implement and test security and privacy controls, FAQs, technical white papers, and other such information.
How Microsoft cloud services comply with global standards and requirements
To help your organization comply with national, regional, and industry-specific requirements governing the collection and use of customer data, Microsoft offers the most comprehensive set of compliance offerings of any cloud service provider.
Microsoft business cloud services operate with a cloud control framework, which aligns controls with multiple regulatory standards. We design and build our cloud services using a common set of controls, which streamlines compliance across a range of regulations not only for today, but for tomorrow as well. Then we engage independent auditors to perform in-depth audits of the implementation and effectiveness of these controls.
Learn how Microsoft cloud services have implemented security and privacy controls, and how third-party auditors have tested them.
Review audit reports
- Azure, Intune, Power BI, Cloud App Security, Microsoft PowerApps, Microsoft Flow, Microsoft Graph, Microsoft Genomics, and Microsoft Datacenter - ISO 27001 and 27018 Audit Assessment Report
- Dynamics 365 (formerly Dynamics CRM) ISO 27001 Audit Assessment Report 2017
- Dynamics 365 ISO 27018 Audit Assessment Report
- Office 365 - ISO 27001, ISO 27018, and ISO 27017 Audit Assessment Report
How you can manage data security and compliance
Microsoft employs a risk-management model of shared responsibility with the customer:
Microsoft is responsible for the platform, including the services offered, and seeks to provide a cloud service that can meet the security, privacy, and compliance needs of your organization. As a customer, you are responsible for the environment once the service has been provisioned. You must identify which controls apply to your business and understand how to implement and configure them to manage security and compliance with applicable regulatory requirements.
Microsoft offers implementation guidance to help you accomplish these tasks and better manage the risk.
- HIPAA/HITECH Act implementation guidance for Azure and Dynamics 365 and Office 365
- Addressing HIPAA security and privacy requirements in the Microsoft Cloud
- A practical guide to designing secure health solutions using Azure
- 13 effective Azure security controls for ISO 27001 compliance
How Microsoft helps protect your data
Find out how Microsoft cloud services encrypt your data, achieve logical and physical isolation within a multitenant cloud environment, protect cloud services against DDoS attacks, and implement other security controls.