Leverage economies of scale and expertise
Reshape how you engage with customers
Drive new and more rapid sources of innovation
1 billion customers
90 countries worldwide
Shared Responsibility
Reduce security costs and maintain flexibility, access, and control
Trusted Cloud Principles
Commitment to principles worthy of your organization's trust
Your content should be protected by strong security, safeguarded from hackers and
unauthorized access with the state-of-the-industry technology, process and certifications.
Your content should also be encrypted in transit and at rest.
You are in control of your content, so it should only be used and shared as permitted by
you. You should always have access to it, be able to take it with you when you leave, and
have it deleted upon request.
You can meet your obligations: your content should be stored and managed in
compliance with applicable laws, regulations and key international standards.
You know what is happening with your content, with clear, plain-language explanations
of how your cloud provider uses, manages and protects your content. You should be told
how your cloud provider will respond to law enforcement requests to access your content.
Security
Strong security protects content
Secure Development and Operations
Secure Development Lifecycle (SDL)
Operational Security Assurance (OSA)
Encryption Commitment
Data in transit between a user and the service (SSL, PFS)
Data in transit between datacenters (TLS, IPsec)
Best-in-class industry cryptography (PFS, 2048-bit key lengths)
Data at rest (EFS, BitLocker)
End-to-end encryption of communications (S/MIME, PGP, RMS)
Enhanced event and administrative access logging
Data segregation
Identity & Access
Multi-factor Authentication
Access monitoring
Event and incident response team operating 24x7
Physical Security
Platform security
Network security
Device Guard
Privacy
Customers control their content
Privacy by Design
Content and data is not used for advertising and marketing
Protection from Government Surveillance
No Standing Access policy
Deletion of customer data on request and on contract termination
Customer choices for data location
Redirect law enforcement requests to the customers
Ongoing Product investments:
Customer generated and controlled encryption keys protect data at rest
Customer Lockbox for Office 365 brings the customer into the approval workflow
Compliance
Customers can store and manage their content in compliance
History and Expertise
Key security certifications and attestations
ISO 27001 Certification
ISO/IEC 27018
SOC 1, SOC 2, Cloud Security Alliance Cloud Controls Matrix, EU Model
Clauses, HIPAA BAA, FedRAMP, PCI DSS
Compliance-enabled controls
FISMA/FedRAMP
Privacy protected in contractual terms
Microsoft Trust Centers give visibility into compliance efforts
Certification Audit
Transparency
Customers know what is happening
Transparent and easy-to-understand data use policies
Visibility into where data is stored
Visibility into how data is accessed and used
Visibility into processes, policies and practices via Trust Centers
Visibility into access and usage reporting
CSA STAR
Microsoft Law Enforcement Requests Report
Government Security Program
Uruguay
Security in Public Sector