ISO 9001:2015 Quality Management Systems Standards
ISO 9001 overview
ISO 9001:2015 is an international standard that establishes the criteria for a quality management system. It is the only standard in the ISO 9000 family that results in a formal certification. The standard is based on several quality management principles, including clear focus on meeting customer requirements, strong corporate governance and leadership commitment to quality objectives, process-driven approach to meeting objectives, and focus on continuous improvement. ISO 9001:2015 helps organizations improve customer satisfaction by focusing on the consistency and quality of products and services provided to customers.
Microsoft and ISO 9001:2015
An independent third-party auditing firm performed a rigorous examination of Microsoft Azure and several Microsoft online services for adherence to the quality management principles established by ISO 9001:2015. The available third-party certification provides independent confirmation that Azure and covered Microsoft online services meet the ISO 9001:2015 requirements.
Microsoft in-scope cloud services
- Azure, Azure Government, and Azure Germany
- Microsoft Cloud App Security
- Dynamics 365, Dynamics 365 Government, and Dynamics 365 Germany
- Microsoft Graph
- Microsoft Defender for Endpoint
- Microsoft Healthcare Bot
- Microsoft Managed Desktop
- Power Automate (formerly Microsoft Flow) cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
- PowerApps cloud service either as a standalone service or as included in an Office 365 or Dynamics 365 branded plan or suite
- Power BI cloud service either as a standalone service or as included in an Office 365 branded plan or suite
- Power BI Embedded
- Microsoft Stream
Audits, reports, and certificates
- Azure, Dynamics 365, and Online Services: ISO9001 Certificate
- Azure, Dynamics 365, and Online Services: ISO9001 Assessment Report
- Azure, Dynamics 365, and Online Services: ISO9001 Statement of Applicability (SOA)
Frequently asked questions
To whom does the standard apply?
This standard of practice provides guidance and tools for cloud service providers and cloud service customers to ensure that cloud products and services consistently meet customers’ requirements. It is structured in a format similar to ISO 27001:2013.
Where can I get the ISO 9001:2015 audit reports and scope statements for Microsoft services?
The Service Trust Portal provides independently audited compliance reports. You can use the portal to request reports so that your auditors can compare Microsoft's cloud services results with your own legal and regulatory requirements. The FY17 Microsoft Azure ISO 9001 Assessment Report and the FY17 Microsoft Azure ISO 9001 Certificate are both available.
Does Microsoft run annual tests for infrastructure failures?
Yes. The ISO 9001:2015 annual assessment includes the underlying physical infrastructure datacenter. Review the certificate for the coverage details.
Where can I view Microsoft’s compliance information for ISO 9001:2015?
You can download the ISO 9001:2015 certificate for Azure and additional services that are in scope of this assessment.