Introduction to Microsoft 365 governance
Microsoft understands that effective security and compliance policies must be implemented consistently across the enterprise to protect Microsoft information systems and customers. Security policies must also account for variations in business functions and information systems to be universally applicable. To meet this requirement, Microsoft implements a comprehensive security governance program as a part of the Microsoft Policy Framework. Security governance falls under the Microsoft Security Policy (MSP).
The MSP organizes Microsoft's security policies, standards, and requirements so they can be implemented across all Microsoft engineering groups and business units. Individual business units are responsible for specific implementations of Microsoft security policies. Microsoft 365 documents-specific security implementations in the Microsoft 365 Information Security Policy and the related Microsoft 365 Control Framework.
Microsoft Purview offerings
Microsoft's security governance program is informed by and aligns with a variety of regulatory and compliance frameworks. Our cloud infrastructure and offerings meet a broad set of international and industry-specific compliance standards, such as ISO, HIPAA, FedRAMP, and SOC, as well as country-specific standards, like Australia's IRAP, UK's G-Cloud, and Singapore's MTCS.
Customers can review available independent audit reports for Microsoft's online services by logging into the Service Trust Portal.