Microsoft

Self-hosted | Verified May 2026

Microsoft Compliance & Certifications

SOC 1 Type II, SOC 2 Type II, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 20000, ISO 22301, ISO 9001, PCI DSS, HIPAA, FedRAMP, HITRUST, GDPR, CSA STAR

Frequently Asked Questions

Does Microsoft have SOC 1 Type II?

Yes. Microsoft holds SOC 1 Type II, SOC 2 Type II, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 20000, ISO 22301, ISO 9001, PCI DSS, HIPAA, FedRAMP, HITRUST, GDPR, and CSA STAR certifications. You can view its trust center at servicetrust.microsoft.com for full security and compliance documentation.

Where can I find Microsoft's security documentation?

Microsoft publishes its trust center at servicetrust.microsoft.com. It includes security policies, compliance certifications (SOC 1 Type II, SOC 2 Type II, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 20000, ISO 22301, ISO 9001, PCI DSS, HIPAA, FedRAMP, HITRUST, GDPR, CSA STAR), and other documentation.

Does Microsoft have ISO 27001 certification?

Yes, Microsoft is ISO 27001 certified. This international standard confirms that it has implemented a comprehensive information security management system (ISMS).

Is Microsoft HIPAA compliant?

Yes, Microsoft is HIPAA compliant and can support healthcare organizations that handle protected health information (PHI).