Glossary

ISO 27001

The international standard for information security management systems — Microsoft 365 is certified globally.

ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS) — a framework for systematically managing information-security risks. Certification requires an organisation to define the scope of its ISMS, assess its risks, implement and document the selected controls, and pass an independent audit by an accredited certification body. Microsoft 365 is ISO 27001 certified globally for the major Microsoft datacenters and services. The ISO 27001 audit reports are available in the Microsoft Service Trust Portal. Many enterprises require their own ISO 27001 certification covering their use of Microsoft 365; Microsoft Purview Compliance Manager has a pre-built ISO 27001 assessment that maps your tenant configuration against the standard's controls. Related standards: ISO/IEC 27017 (cloud-specific security controls) and ISO/IEC 27018 (protection of personally identifiable information, PII, in public clouds).