Computing in the cloud raises questions about security, data protection, privacy and data ownership. Microsoft Office 365 (including Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft Lync Online branded services) is hosted in Microsoft data centers, around the world and is designed to offer the performance, scalability, security and service levels business customers expect. We have applied state-of-the-art technology, and processes to maintain consistent and reliable access, security and privacy for every user. Microsoft Online Services has built-in capabilities for compliance with a wide range of regulations and privacy mandates.

In this document you will find a detailed overview of how Microsoft Online Services fulfill the security, privacy, compliance, and risk management requirements as defined in the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM). Note that this document is intended to provide information on how Microsoft Online Services operate. Customers have a responsibility to control and maintain their environment once the service has been provisioned (i.e. user access management and appropriate policies and procedures in accordance with their regulatory requirements).

To download Microsoft Office 365 Security & Privacy, click here.