As part of Microsoft’s commitment to compliance, we strive to ensure that our cloud services, like Office 365, meet or exceed the breadth of regulations and standards our customers require. This is especially important for government agencies, which are investing more and more in moving to cloud productivity services, and require security-enhanced and scalable cloud solutions that address a range of constantly-evolving regulatory, compliance and policy requirements.
Today, we are pleased to announce that Office 365 Government now supports customer compliance with IRS 1075, which provides guidance to ensure that the policies, practices, controls and safeguards employed by recipient agencies adequately protect the confidentiality of Federal Tax Information (FTI) and related financial data. IRS 1075 also prioritizes security aspects that include data center parameters such as employee activity, data center contractors, limited entry and IRS safeguard reviews. For more context to this announcement, you can go the Microsoft Government blog.
We are constantly working to ensure that Office 365 meets some of the highest standards for the protection of data. This encompasses hundreds of control requirements across multiple standards, which ensures data protection across the spectrum of application, platform and data center services. Through a comprehensive approach to compliance with industry standards and regulations, we are able to address the stringent requirements of IRS 1075. We will continue to work with the IRS Safeguards team, as well as other regulatory bodies across industries, to ensure our customers have clear and comprehensive assistance when working on risk management in highly regulated environments.
A comprehensive approach to compliance
Our approach to compliance, based on built-in security and privacy by design, involves proactively assessing requirements from customers of various sizes and industries—from public safety, healthcare and finance to government, defense and more. With these requirements as a base set, we have built controls that are then used by Office 365 teams to design, build and run the service. Today we have over 1,000 such controls in Office 365 that address various standards and regulations. This ability to support a broad scope of control requirements have enabled us to meet some of the most stringent of requirements, from ISO 27001 to standards like CJIS, SSAE 16, HIPAA, SOC 2 and more. You can see our documented list at the Office 365 Trust Center.
By giving our customers solutions that help support their regulatory requirements, we not only demonstrate our commitment to them but ensure our customers have a more manageable way to protect their data whether it be IRS 1075 for financial data, CJIS for law enforcement, FERPA for education or HIPAA for healthcare.
We are committed to investing in technology, processes and partnerships to deliver technology our customers can trust and help them comply with an evolving set of US and International standards. To learn more about Office 365 security, privacy and compliance please see the Office 365 Trust Center.
Frequently Asked Questions
Q. Which Office 365 SKUs support compliance with IRS 1075?
A. The Office 365 Government E1, E3, E4, K1 and K2 SKUs, otherwise known as Office 365 Government Community Cloud support compliance with IRS 1075.
Q. Where do we go to learn about various SKUs and offers in Office 365?
A. Visit Office 365 products and plans to learn more about SKUs and Office 365 offers.
Q. Where can we find general information about security, privacy and compliance Office 365?
A. Visit The Office 365 Trust Center to learn more about Office 365 enterprise security, privacy and compliance.
—Vijay Kumar and Shawn Veney
Vijay Kumar is a senior product manager and Shawn Veney is a principal architect on the Office 365 team.