Compliance in Microsoft Cloud for Nonprofit
You're wholly responsible for ensuring your own compliance with all applicable laws and regulations. To help you meet your own compliance obligations across regulated industries and markets worldwide, Microsoft maintains the largest compliance portfolio in the industry. Compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific.
Compliance offerings are based on various types of assurances. These assurances include formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms. They also include contractual amendments, self-assessments, and customer guidance documents produced by Microsoft. For pointers to the Microsoft compliance portfolio, go to Microsoft compliance offerings.
Each compliance offering description provides links to downloadable resources to assist you with your own compliance obligations. For current coverage in our available countries/regions, see the Nonprofit compliance offerings in the following table, where ✅ indicates compliant and ❌ indicates not compliant:
| Regulation or certification | Azure SQL | Dynamics 365 Marketing | Dynamics 365 Sales | Office Online | Microsoft Power Platform | Power BI |
|---|---|---|---|---|---|---|
| Canadian Privacy Laws | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| GDPR | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Germany C5 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ISO 22301 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ISO 27001 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ISO 27017 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| ISO 27018 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Netherlands BIR 2012 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| SOC 1 Type 2 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| SOC 2 Type 2 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
See also
Dynamics 365 and Power Platform data residency and privacy
Microsoft 365 data residency and privacy
Azure data residency and privacy
Microsoft compliance portal