Compliance

No one, not even Amazon Web Services, has more international compliance certifications than Microsoft.

In a world where accidental and unlawful data breaches are on the rise, we are committed to maintaining customer trust by protecting their data and taking considerable measures to prevent data protection incidents from occurring. As the requirements for protecting data increase, it is essential for organizations to choose a cloud service provider that makes every effort to protect customer data.

Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Microsoft Power Platform, built on top of Microsoft Azure, inherits the compliance investments we are making in Azure. Trusted around the world across jurisdictions and industries, Microsoft ensures we’re meeting all security and compliance advancements and requirements through regular audits and submits self-assessments to third-party auditors. These capabilities, combined with a comprehensive portfolio of compliance certifications in both public and private sectors, enable Chief Information Security Officers to protect the entire Microsoft Power Platform deployment at scale, even as more people build apps, automation, and analytics across the organization.

Microsoft’s centralized governance, risk, and compliance tool support the implementation of a quarterly scorecard to communicate compliance, capability, and risk posture to drive readiness and minimize adverse impacts to Microsoft and our customers. A sample of compliance and regulatory coverage:

Microsoft Compliance Offerings

Compliance certifications for Microsoft Services for national, regional, and industry-specific regulations for data collection use.

Global 

CIS Benchmark
CSA-STAR attestation
CSA-STAR certification
CSA-STAR self-assessment
CyberGRX
ISO 20000-1:2011
ISO 22301
ISO 27001
ISO 27017
ISO 27018
ISO 27701
ISO 9001
SOC 1
SOC 2
SOC 3
WCAG

U.S. Government

CJIS
CNSSI 1253
DFARS
DoD IL2
DoD IL5
DoE 10
CFR Part 810
EAR (US Export Adm. Reg.)
FedRAMP
FIPS 140-2
IRS 1075
ITAR
NIST 800-171
NIST CSF
Section 508 VPATS

Industry

23 NYCRR Part 500
AFM + DNB (Netherlands)
APRA (Australia)
AMF and ACPR (France)
CDSA DPP (UK)
EBA (EU)
FACT (UK)
FCA + PRA (UK)
FDA CFR Title 21 Part 11
FERPA FFIEC (US)
FINMA (Switzerland)
FISC (Japan)
FSA (Denmark)
GLBA (US)
GSMA GxP HDS (France)
HIPAA / HITECH
HITRUST KNF (Poland)
Know Your Third Party (KY3P)
MARS-E (US)
MAS + ABS (Singapore)
MPA NBB + FSMA (Belgium)
NEN-7510 (Netherlands)
NERC OSFI (Canada)
PCI-3DS
PCI-DSS
RBI + IRDAI (India)
SEC 17a-4,
SEC 18a-6,
FINRA 4511,
CFTC 1.31
SEC Regulation SCI (US)
Shared Assessments
SOX
TISAX