Announcing the enhanced Office 365 SOC audit reports with new trust principles

Office 365 customers want assurance that effective controls are in place to safeguard their data. We have enhanced our Service Organization Controls (SOC) audit reports with two new trust principles, Processing Integrity and Confidentiality. These build on the established Security and Availability trust principles.

The Office 365 SOC reports are designed to provide customers with transparency into the design, implementation and operational effectiveness of security and compliance controls, as well as results of control tests as noted by our independent third-party auditors. Insights from these reports help you evaluate how Office 365 maintains compliance with your regulatory requirements and also help you manage the move to Office 365.

Based on customer feedback we also added controls and test results around the following areas:

  • Data transmission and encryption—You are able to review controls that are implemented to encrypt data transmission between Microsoft employees and Office 365 datacenters, between Office 365 clients and Microsoft datacenters, between multiple Microsoft datacenters, as well as encryption at rest within Microsoft datacenters.
  • Security development lifecycle—We detailed additional controls around how Office 365 adheres to secure development best practices, such as code reviews and risk assessments.
  • Data replication and data backup—We enhanced our testing to demonstrate the effectiveness of the resiliency testing capability that covers a full datacenter outage.

You can readily access this information directly from the Office 365 Service Trust Portal (STP) when you authenticate using your Office 365 credentials. To access STP, ask your Office 365 company administrator to sign in at the Service Trust Portal. Once your company administrator signs in for the first time, they can provide STP access to other users in your organization. If you are evaluating Office 365, you can use your Office 365 trial credentials to access STP.

If you have a comment or question on this post or need the detailed onboarding guide to STP, email us at O365STPApprovals@microsoft.com. We look forward to seeing you on STP soon!

—Sarah McCoy and Om Vaiti, senior program managers for the Office 365 Trust Engineering team