ISO/IEC 20000-1:2018 overview
ISO/IEC 20000-1:2018 is an international standard for IT service management that defines requirements for the development, implementation, monitoring, maintenance, and improvement of an IT service management system. A related standard ISO/IEC 20000-2:2019 provides guidance on the application of service management systems. Moreover, ISO/IEC 27013:2015 guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 was released for organizations planning to implement ISO/IEC 20000-1 when ISO/IEC 27001 is already implemented or planning to implement these two standards together. ISO/IEC 20000-1:2018 is the only standard in the ISO/IEC 20000 family that results in a formal certification.
The ISO/IEC 20000-1 certificate demonstrates that a cloud service provider has implemented the right IT service management procedures to deliver efficient and reliable IT services that are subject to regular monitoring, review, and improvement. It helps organizations provide assurance to customers that their service requirements will be fulfilled.
- Azure Government
- Azure China (for more information, see Trust Center documentation)
Services in scope
For a list of Microsoft online services in audit scope, see Microsoft Azure Compliance Offerings or the Azure ISO/IEC 20000-1 certificate:
- Dynamics 365
- Microsoft 365
- Power Platform
Audit reports and certificates
The Azure ISO/IEC 20000-1 certificate covers Azure, Dynamics 365, select Microsoft 365, and Power Platform online services. You can access Azure ISO/IEC 20000-1 audit documents from the Service Trust Portal (STP) Audit Reports – ISO Reports section. You must sign in to access audit reports on the STP. For more information, see Get started with the Microsoft Service Trust Portal.
Frequently asked questions
Why is ISO/IEC 20000-1 certification important? An independent third-party auditing firm performed a rigorous examination of Azure and several Microsoft online services for adherence to the requirements established in the ISO/IEC 20000-1 standard. The available ISO/IEC 20000-1 certificate demonstrates that Azure and covered Microsoft online services have implemented the right IT service management procedures to deliver efficient and reliable IT services that are subject to regular monitoring, review, and improvement.
Where can I get the Azure ISO/IEC 20000-1 audit documentation? For links to audit documentation, see Audit reports and certificates. You must have an existing subscription or free trial account in Azure or Azure Government to sign in. You can then download audit certificates, assessment reports, and other applicable documents to help you with your own regulatory requirements.
Can I use the Azure ISO/IEC 20000-1 compliance assurances in my organization’s certification process? Yes. If your business is seeking certification for an implementation deployed using in-scope services, you can use the relevant Azure certifications in your compliance assessment. However, you're responsible for engaging an assessor to evaluate your implementation for compliance and for the controls and processes within your own organization.
- Azure compliance documentation
- Azure enables a world of compliance
- Microsoft 365 compliance offerings
- Compliance on the Microsoft Trust Center
- Microsoft Product Terms (formerly Online Services Terms)
- Microsoft Products and Services Data Protection Addendum (DPA)
- ISO/IEC 20000-1:2018 (available for purchase)