Office 365 is compliant with many world-class industry standards, and its compliance is verified by third parties.
- Certified for ISO 27001. ISO 27001 is one of the best security benchmarks available across the world. Office 365 is the first major business productivity public cloud service to have implemented the rigorous set of physical, logical, process, and management controls defined by ISO 27001.
- EU Model Clauses. In addition to EU Safe Harbor, Office 365 is the first major business productivity public cloud service provider to sign the standard contractual clauses created by the European Union (“EU Model Clauses”) with all customers. EU Model Clauses address international transfer of data. Get a signed copy of the EU Model Clauses from Microsoft.
- HIPAA-Business Associate Agreement (HIPAA-BAA). Office 365 is the first major business productivity public cloud service provider to sign requirements for the HIPAA-BAA with all customers. HIPAA is a U.S. law that applies to healthcare entities. It governs the use, disclosure, and safeguarding of protected health information (PHI), and imposes requirements on covered entities to sign business associate agreements with their vendors that use and disclose PHI. Get a signed copy of HIPAA-BAA.
- Federal Information Security Management Act (FISMA). Office 365 implements security processes that adhere to the standards required by U.S. federal agencies, and has acquired FISMA Authority to Operate (ATO) from a federal agency. U.S. federal agencies are welcome to review the Office 365 FISMA package to grant ATO.
- Data Processing Agreement. Microsoft offers a comprehensive standard data processing agreement (DPA) to all customers. The DPA addresses privacy, security, and handling of customer data. Our standard data processing agreement enables customers to comply with their local regulations. Get a signed copy of the DPA.
Learn more about how Office 365 meets world-class industry standards.