Azure Storage compliance offerings

To help you meet your own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry both in terms of breadth (total number of offerings) and depth (number of customer-facing services in assessment scope). For service availability, see Products available by region.

Azure Storage audit scope

Microsoft retains independent, third-party auditing firms to conduct audits of Microsoft cloud services. Compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific. Azure compliance certificates and audit reports state clearly which cloud services are in scope for independent third-party audits. Different audits may have different cloud services in audit scope across Azure and Azure Government cloud environments.

Azure Storage is included in many Azure compliance audits such as CSA STAR, ISO, SOC, PCI DSS, HITRUST, FedRAMP, DoD, and others. The resulting compliance assurances are applicable to:

  • Blobs (including Azure Data Lake Storage Gen2)
  • Files
  • Queues
  • Tables
  • Disks
  • Cool storage
  • Premium Storage

For the latest insight into Azure Storage compliance audit scope, see Cloud services in audit scope.

Next steps

For more information about Azure compliance, see the following information.