As part of our commitment to providing our customers with the peace of mind that your applications, and data, are safe and available in Office 365, we are pleased to announce that Microsoft Office 365 has achieved ISO 22301 certification. ISO 22301 is the premium standard for business continuity, and certification demonstrates conformance to rigorous practices to prevent, mitigate, respond to, and recover from disruptive incidents.


For years, we’ve heard from organizations about the importance of disaster preparedness and continuous improvement in their operations to ensure their IT systems can survive, and be restored, in the aftermath of major incidents (such as natural disasters, power outages, or cyber-attacks). We were the first major cloud provider to prove our commitment of being fully prepared for all eventualities through this internationally recognized standard for business continuity. 


What does this mean for our customers? It gives you the assurance that you can trust Microsoft Office 365 with your mission critical content by providing an extensive independent 3rd party audit of all aspects of Office 365’s business continuity. This includes the following:

  • how backups are validated
  • how recovery is tested
  • documented training for critical staff
  • the level of resources available
  • buy-in by senior management
  • how risks are assessed/mitigated
  • adherence to legal/regularly requirements
  • the process for response to incidents
  • the process for learning from incidents


Achieving the ISO 22301 certification demonstrates the seriousness of our commitment to providing you the highest quality of service, and we’ll continue to prioritize our customer data’s continuity and ensure we are handling it responsibly.


To learn more about Microsoft Office 365’s ISO 22301 certification and download a copy of the certification, please see the resources below:



Occasional Visitor

Dear Ryan,


As I can read in your profile, you are " Product marketing manager within the Microsoft 365 Compliance team responsible for the Microsoft Trust Center and Service Trust Portal." Maybe you can help me and give me some directions where I can find information I am looking for. I am quality manager in the medical device industry, and my company is using Microsoft Dynamics NAV 2017.


On the Trust Center page, I can find serveral certificates, like for compliance with ISO 9001:2015, ISO 20000, ISO 22301, ISO 27001, ISO 27018. But these seem to be more "product specific", like for "Azure" or "Dynamics 365 (formerly Dynamics CRM)". I would like to know if Microsoft is having a quality management system (certified or not) for the company, or are just the different sections/departments certified?


You know, as a medical device manufacturer we are required by law, that we audit our critical suppliers, if they do not have required certifications.


Maybe you can give me some information, how quality management procedures/requirements are handled at Microsoft? Do you have some kind of internal quality management system? Or are you using international standards like ISO 12207 or ISO 15289?


Truly yours,





Hi Wolf,


Thanks for reaching out! I will look into this and get back to you as soon as possible. It may not be until next week.



Ryan Symes