For Office 365, the security and privacy of customer data is our top priority. Microsoft invests heavily in the security capabilities and privacy standards that help keep customer data safe. In line with our commitment to provide customers the utmost transparency, we have enhanced auditing around Office 365 information security and privacy controls. We asked independent third-party auditors to test and assess Office 365 against the ISO 27001 and ISO 27018 standards, making Office 365 one of the first major cloud services to be assessed against these standards. You can now find the Office 365 ISO 27001 and ISO 27018 audit assessment report in the compliance reports section on the Office 365 Service Trust Portal (STP).
The ISO audit and assessment report provides you assurance around:
- Implementation of an information security management system for Office 365 service development, operations and support.
- Controls that we have put in place to protect personally identifiable information (PII).
- Implementation of an in-depth Office 365 information security risk management program.
We implemented a unified Office 365 control framework that turns global information security, privacy and regulatory requirements into specific controls. These controls in turn are implemented across all aspects of Office 365, such as development and operations, to help keep customer data highly secure and private. This ISO audit and assessment report along with the Office 365 ISMS Statement of Applicability (SOA) provides you in-depth insights into the controls that we have implemented in support of our security and privacy commitments.
To get the ISO audit assessment report and SOA, sign in or onboard to the Service Trust Portal (STP). For STP onboarding instructions, visit Getting started with the Office 365 Service Trust Portal. For more information or feedback, please contact us at Office 365 for Business Support; we look forward to get you started on STP!
—Reham Abdelshahid and Om Vaiti, program managers for the Office 365 Trust Engineering team