Service assurance in the Office 365 Security & Compliance Center
Use Service assurance in the Office 365 Security & Compliance Center to access documents that describe a variety of topics, including:
Microsoft security practices for customer data that is stored in Office 365.
Independent third-party audit reports of Office 365.
Implementation and testing details for security, privacy, and compliance controls that Office 365 uses to protect your data.
You can also find out how Office 365 can help customers comply with standards, laws, and regulations across industries, such as the:
International Organization for Standardization (ISO) 27001 and 27018
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Federal Risk and Authorization Management Program (FedRAMP)
Who can access Office 365 Service assurance, and how?
New customers, and customers evaluating Microsoft online services can access Service assurance which is included with Office 365 Enterprise E3 and E5 plans (both trial and paid subscriptions). If you don't have one of these plans and want to try Service assurance, you can sign-up for a trial of Office 365 Enterprise E5.
Existing customers of Office 365 for business can access Service assurance. If you're the Office 365 global admin (sometimes called company administrator) for your organization, you'll already have access to Service assurance, and you can onboard others. If you're not the Office 365 global admin for your organization, and you need access to Service assurance, ask your admin to add you to the Service Assurance User role group.
O365 Subscription Members can access the Service assurance section in the Office365 Protection Center by default if Service assurance roles-based access has not been implemented in your subscription. Service assurance provides reports and documents that describe Microsoft's security practices for customer data that's stored in Office 365. It also provides independent third-party audit reports on Office 365.
Note: If your company has implemented Service Assurance Roles-Based Access in your Office 365 Subscription (which could be if your organization has been provided access to custom reports), and you need access to Service assurance but it is not included in the left pane of the Security & Compliance Center, ask your Office 365 administrator to add you to the Service Assurance User role group on the Permissions page. For more information, see Onboard other Service assurance users or groups.
Service assurance roles-based access-provisioned users If your company has implemented Service assurance roles-based access, you can provide Service assurance access to all security and compliance personnel including information security, risk management, compliance, and audit teams and personnel within your organization. For details, see Onboard other Service assurance users or groups.
Service assurance is accessible by using the Security & Compliance Center. Here's how to get to there.
Sign in to Office 365 using your work or school account.
If you need access to Service assurance, and it's not included in the left pane of the Security & Compliance Center, ask your Office 365 administrator to add you to the Service Assurance User role group on the Permissions page.
Choose your industry and regional settings
When you access Service assurance for the first time, the first step is to configure your industry and regional settings. You can change these settings at any time. Configuring these settings enables Service assurance to provide you with content that is most relevant to your organization. To configure your industry and region settings:
After you access Service assurance, select Settings and the Region and industry settings page displays as shown in the following screenshot.
On the Settings page, select the down arrow next to Region and check the appropriate regions for your organization.
Select the down arrow next to Industry and check the appropriate industries for your organization.
Once you have selected regions and industries, select Save.
Find, review, and download compliance and trust content
To review and download content, select an option from the navigation pane:
Compliance reports to view independent audits and assessments of Office 365 and other Microsoft cloud services as shown in the following screen shot.
Trust documents to view information about how Microsoft operates Office 365 as shown in the following screen shot.
Audited controls to view information about how Office 365 controls meet security, compliance, and privacy requirements, as shown in the following screen shot.
Select the report you want to download, and select Save to download it to your computer. For Audited controls, select the report you want and then select Download. The table below describes the reports you can find on each Service assurance page.
Service assurance reports and documents are available to download for at least twelve months after publishing or until a new version of the document becomes available.
|Service assurance page||Content available||Description|
|Use service compliance reports to review audit assessments performed by third-party independent auditors of Office 365 Service Delivery Operations.
||FAQ and White Papers
Risk Management Reports
|Use white papers, FAQs, end-of-year reports and other Microsoft Confidential resources that are made available to you under non-disclosure agreement for your review / risk assessments.
||Global standards and regulations that Office 365 has implemented.
||Help with risk-assessment when you're evaluating, onboarding, or using Office 365 services. Find out:
- How Office 365 controls meet security, compliance, and privacy requirements.
- About testing of controls in Office 365, results of these tests, and when they were completed.
Depending on your specific set-up, options included in your view might have some differences.
Onboard other Service assurance users or groups
For accessing default reports that are generally available across all Microsoft Cloud subscriptions, you don't need to implement the Service Assurance roles-based access model and you can skip this step. However, if your organization has been provided access to custom reports then please add other users or groups to the Service Assurance roles. To add other users or groups:
In the Security & Compliance Center, select Permissions in the left pane as shown in the following screenshot.
In the right pane, select Service Assurance User, and then select Edit Role Group, and under the Members section, select Edit to add members to the Service Assurance User role as shown in the following screenshot.
In the next dialog box, search for and choose individuals or groups that need to view Service assurance compliance reports and trust resources, then select Add for each selection you make and click the X in the upper right corner of the pane when you're finished.
Every user or group that you added to the Service Assurance User role can now find Service assurance and download reports and other documents in the Security & Compliance Center.
Return to the Permissions page at any time to add more users, or remove existing ones.
Get help with Service assurance
Frequently Asked Questions
Why am I getting an error saying that documents from Service assurance are corrupted?
Most Service assurance documents are in PDF format. Choose Save to save these files to, and then open them up from, your local computer.
We’d love to hear your thoughts. Choose the type you’d like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.