Compliance
When you use Microsoft Managed Desktop, Microsoft provides you with a comprehensive set of compliance offerings. These offerings help your organization meet its various compliance requirements.
Compliance coverage
Microsoft Managed Desktop has achieved the following certifications:
- ISO 27001 Information Security Management Standards (ISMS)
- ISO 27701 Privacy Information Management System (PIMS)
- ISO 27017 Code of Practice for Information Security Controls
- ISO 27018 Code of Practice for Protecting Personal Data in the Cloud
- ISO 9001 Quality Management Systems Standards
- ISO 20000-1 Information Technology Service Management
- ISO 22301 Business Continuity Management Standard
- Cloud Security Alliance (CSA) STAR attestation
- Cloud Security Alliance (CSA) STAR certification
- Service Organization Controls (SOC) 1, 2, 3
- Information Security Registered Assessor Program (IRAP)
- Payment Card Industry (PCI) Data Security Standard (DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)
Auditor reports and compliance certificates
You can find relevant information, including control and technical requirements, in the Service Trust Portal (STP). This portal is the central repository for such information about Microsoft Cloud Service offerings. You can download auditor reports, compliance certificates, and more from the Audit Reports section of the STP.
Note
Because Microsoft Managed Desktop runs on Azure, relevant documents usually have file names such as "Microsoft Azure, Dynamics 365, and other Online Services". In those documents, you can usually find Microsoft Managed Desktop under the category "Microsoft Online Services" or "Monitoring + Management".
Shared responsibility
Compliance for cloud services is a shared responsibility between cloud service providers and their customers. For more information, see Shared responsibility in the cloud.