Close
Share this

Independently verified

Verified by third-party auditors, Office 365 works with and meets many key world-class industry standards and certifications.

  • ISO 27001 is one of the best global security benchmarks. Office 365 is the first major business productivity public cloud service to have implemented the rigorous set of physical, logical, process, and management controls defined by ISO 27001.

    In addition to being certified under EU safe harbor, Office 365 is the first major business productivity public cloud service provider to sign the standard contractual clauses created by the European Union (“EU model clauses”) with all customers. EU model clauses address international transfers of data. Visit here to get a signed copy of the EU model clauses from Microsoft.

    To access this document, Office 365 tenant administrator login credentials are required.

    At Microsoft, we offer a comprehensive standard data processing agreement (DPA) to all customers. The DPA addresses the privacy, security, and handling of customer data. Our standard data processing agreement enables customers to comply with their local regulations. Visit here to get a signed copy of the DPA.

    To access this document, Office 365 tenant administrator login credentials are required.

    Office 365 is the first major business productivity public cloud service provider to sign requirements for the HIPAA BAA with all customers. HIPAA is a United States law that applies to healthcare entities that governs the use, disclosure, and safeguarding of protected health information (PHI), and imposes requirements on covered entities to sign business associate agreements with their vendors that use and disclose PHI. Visit here to get a signed copy of the HIPAA BAA.

    To access this document, Office 365 tenant administrator login credentials are required.

    Office 365 implements security processes that adhere to the standards required by U.S. federal agencies, and it has acquired FISMA authority to operate (ATO) from a federal agency. U.S. federal agencies are welcome to review the Office 365 FISMA package to grant ATO.

    Microsoft supports student privacy in Office 365 by complying with use and disclosure restrictions related to student data and by agreeing not to scan emails or documents for advertising purposes.

    To help you understand our approach to compliance, read Security, audits, and certifications, FAQ included.

    Take a look at how our online services compliance framework reduces your risk of operational disruptions while increasing confidence in service stability. Compliance Framework for Online Services white paper.

  • Office 365 Trust Center