Office 365 is compliant with many world-class industry standards, and it is verified by third parties.
- Certified for ISO 27001. ISO27001 is one of the best security benchmarks available across the world. Office 365 is the first major business productivity public cloud service to have implemented the rigorous set of physical, logical, process, and management controls defined by ISO 27001.
- EU Model Clauses. In addition to being certified under EU Safe Harbor, Office 365 is the first major business productivity public cloud service provider to sign the standard contractual clauses created by the European Union (“EU Model Clauses”) with all customers. EU Model Clauses address international transfers of data. Read here to understand some frequently asked questions on EU Model clauses. Visit here to get a signed copy of the EU Model Clauses from Microsoft.
- Data processing agreement. Microsoft offers a comprehensive standard data processing agreement (DPA) to all customers. The DPA addresses the privacy, security, and handling of customer data. Our standard data processing agreement enables customers to comply with their local regulations. Get a signed copy of the DPA.
- HIPAA Business Associate Agreement (HIPAA BAA). Office 365 is the first major business productivity public cloud service provider to sign requirements for the HIPAA BAA with all customers. HIPAA is a U.S. law that applies to healthcare entities that governs the use, disclosure, and safeguarding of protected health information (PHI), and imposes requirements on covered entities to sign business associate agreements with their vendors that use and disclose PHI. Read the HIPAA/HITECH FAQ to understand some frequently asked questions on the HIPAA/HITECH Business Associate Agreement. Get a signed copy of HIPAA BAA.
- Federal Information Security Management Act (FISMA). Office 365 implements security processes that adhere to the standards required by U.S. federal agencies, and it has acquired FISMA Authority to Operate (ATO) from a federal agency. U.S. federal agencies are welcome to review the Office 365 FISMA package to grant ATO. Read here to understand some frequently asked questions on FISMA.
- Family Educational Rights and Privacy Act (FERPA). Microsoft supports student privacy in Office 365 by complying with use and disclosure restrictions related to student data and by agreeing not to scan emails or documents for advertising purposes.
To understand our approach to compliance, read these simple questions and answers. You can also read our these common questions to understand how we help you meet your regulatory compliance needs.