ISO 22301:2019
ISO 22301:2019 overview
ISO 22301:2019 is the premium international standard for business continuity management that provides for a formal certification. ISO 22301 specifies the requirements for a Business Continuity Management System (BCMS) to help organizations protect against, prepare for, and recover from disruptive incidents. It is a comprehensive standard that organizations can use to demonstrate the highest level of commitment to business continuity and disaster preparedness.
Azure and ISO 22301
Azure has established a BCMS in accordance with the ISO 22301 standard and has received the corresponding certificate. Azure was the first hyper-scale cloud services platform to receive the ISO 22301 certification for business continuity management.
Applicability
- Azure
- Azure Government
Services in scope
For a list of Microsoft cloud services in audit scope, see the Azure ISO 22301 certificate or Cloud services in audit scope:
- Azure
- Dynamics 365
- Microsoft 365
- Power Platform
Office 365 and ISO 22301
For more information about Office 365 compliance, see Office 365 ISO 22301 documentation.
Audit reports and certificates
The Azure ISO 22301 certificate covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 cloud services. You can access Azure ISO 22301 audit documents from the Service Trust Portal (STP) ISO reports section. For instructions on how to access audit reports and certificates, see Audit documentation.
Frequently asked questions
Why is ISO 22301 certification important?
The purpose of a BCMS is to provide and maintain controls for managing an organization's ability to continue operations during disruptions. ISO 22301 is a comprehensive standard that demonstrates the highest level of commitment to business continuity and disaster preparedness.
How can I get the Azure ISO 22301 audit documentation?
For links to audit documentation, see Audit reports and certificates.
Can I use the Azure ISO 22301 compliance assurances in my organization’s certification process?
Yes. If your business is seeking certification for an implementation deployed using in-scope services, you can use the relevant Azure certifications in your compliance assessment. However, you're responsible for engaging an assessor to evaluate your implementation for compliance and for the controls and processes within your own organization.
Resources
- Azure compliance documentation
- Azure enables a world of compliance
- Microsoft 365 compliance offerings
- Compliance on the Microsoft Trust Center
- Microsoft Product Terms (formerly Online Services Terms)
- Microsoft Products and Services Data Protection Addendum (DPA)
- ISO 22301:2019 (available for free in read-only format)
- Principles of the reliability pillar explains how you can build a reliable application in Azure, including design, testing, and monitoring.
- Backup and disaster recovery for Azure applications explains how to test your application for disaster recovery.
- BCDR: Azure cross-region replication explains how some Azure services take advantage of paired regions to ensure business continuity and protect against data loss.
- Microsoft Cloud Enterprise Business Continuity Management (EBCM) Program provides the governance, oversight, and support for business continuity management at Microsoft. It can be downloaded from the Service Trust Portal Business Continuity and Disaster Recovery section.