Regulatory compliance
To help organizations meet their compliance obligations across regulated industries and markets worldwide, Microsoft Azure maintains the largest compliance portfolio in the industry both in terms of depth (number of customer-facing services in assessment scope) as well as breadth (total number of compliance offerings).
Microsoft Cloud for Sovereignty helps organizations meet many of their specific compliance requirements by building upon capabilities of Microsoft Azure’s public cloud offerings. Microsoft Cloud for Sovereignty provides additional guardrails and guidelines such as policy portfolio, a collection of Azure policy sets to help meet sovereignty and local regulations, and configurable Sovereign Landing Zones (SLZs). Additionally, we're expanding the existing Government Security Program while providing a transparency feature, transparency logs, to continue building confidence and trust from our customers and aid them in their compliance journey.
Meeting compliance requirements in the cloud is a shared responsibility. While Microsoft diligently ensures the compliance of the Azure platform and services, organizations must confirm that their applications, the infrastructure supporting those applications, and the services that third parties provide are certified as compliant. This collaborative effort ensures a comprehensive and secure compliance posture.
For more information about Azure compliance-related offerings, see the following resources:
- For a comprehensive look at compliance within Azure, visit Trust Center.
- All downloadable compliance documentation is available to Azure customers under a non-disclosure agreement from the Service Trust Portal.
- For select third-party assessments, Appendix A of Microsoft Azure - Compliance Offerings lists services in the audit scope for Azure.
- If you want to identify the availability of Azure services in specific regions, explore the Azure Global Infrastructure product availability dashboard.
Important
Organizations are wholly responsible for ensuring their own compliance with all applicable laws and regulations. The information provided in this document does not constitute legal advice, and organizations should consult their legal advisors for any questions regarding regulatory compliance.