The regulatory compliance and business risk landscape is continuously evolving. At Microsoft, we appreciate our customers’ need to understand the Office 365 architecture and compliance with regulations to help them evaluate moving to Office 365. We also know you need to understand how we keep your data secure on the service on an ongoing basis.
To help with your assessment needs, we are announcing Office 365 Service Trust Portal (STP). STP is a service feature in Office 365 designed to provide deeper information on how Microsoft manages security, compliance and privacy.
Insights from this portal help you evaluate how Office 365 maintains compliance with your regulatory requirements and how you can mitigate the risks with moving to Office 365.
To continue as a leader in cloud service delivery, we know that transparency is key to gaining your trust. We believe that by being transparent with you on how we protect your data, how we ensure that it is always available, how we maintain compliance with various global standards, and how we adhere to strict privacy commitments, we will continue to have a trust-based partnership with you.
Through the STP you can get direct access to a wide variety of compliance reports and trust resources, including:
- Office 365 SOC 1 / SSAE 16 / ISAE 3402 Independent Audit Reports
- Office 365 SOC 2 / AT 101 Independent Audit Report
- Office 365 ISO 27001 (including 27018 controls) Independent Audit Report
- Various compliance reports, such as Office 365 Information Security Management System (ISMS)
- Various GRC and Trust resources, such as whitepapers, FAQs, security assessment, risk assessment and other reports that will help you perform your own risk assessment
Whether you are an existing Office 365 customer or evaluating Office 365, we hope that you will find the information on the STP valuable to your organization. To access STP, ask your Office 365 company administrator to log in at the Service Trust Portal. After an administrator has logged in, they can provide STP access to any other users in your organization, allowing you to directly access STP when you authenticate using your Office 365 credentials. If you are evaluating Office 365, you can use your Office 365 trial credentials to access STP.
If you have a comment or question on this post, or need a detailed onboarding guide to STP, email us at O365STPApprovals@microsoft.com. We look forward to seeing you on STP soon!
—Om Vaiti, senior program manager for the Office 365 Customer Trust and Advocacy Program, and Vikas Malhotra, senior solution architect for the Office 365 Customer Experience Program