Professional Documents
Culture Documents
Microsoft Azure, Dynamics 365 and Online Services - ISO27001 and 27701 Certificate 12.18.2020
Microsoft Azure, Dynamics 365 and Online Services - ISO27001 and 27701 Certificate 12.18.2020
The Certification Body of Schellman & Company, LLC hereby certifies that the following organization operates an Information
Security Management System that conforms to the requirements of ISO/IEC 27001:2013
Microsoft Corporation
for the following scope of registration
The scope of the ISO/IEC 27001:2013 certification covers the Information Security Management System (ISMS) supporting
Microsoft Azure, Dynamics 365, and other Online Services that are deployed in Azure Public, Government and Germany
Cloud including their development, operations, and infrastructure and their associated security, privacy, and compliance
and inclusive of the requirements and control implementation guidance of ISO/IEC 27701:2019 for a privacy information
management system (PIMS) as data processor per the statement of applicability version 2020.01.
Authorized by:
Christopher L. Schellman
CEO, Schellman & Company, LLC
4010 W Boy Scout Blvd., Suite 600
Tampa, Florida 33607, United States
www.schellman.com
Page 1 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Page 2 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
AI + Machine AI Builder
Learning
Machine Learning Studio -
Microsoft Genomics - -
Enterprise Knowledge Graph - -
Analytics Azure Analysis Services
Azure Data Explorer
Azure Synapse Analytics (formerly - SQL Data
Warehouse)
Data Factory
HDInsight
Stream Analytics
Data Catalog
Data Lake Analytics - -
Azure Data Share - -
Azure Data Lake Storage Gen1 -
Desktop Analytics - -
Compute Cloud Services
Service Fabric
Virtual Machine Scale Sets
Page 3 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Page 4 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Page 5 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Page 6 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Page 7 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Networking ExpressRoute
Virtual Network
VPN Gateway
Azure Bastion
Azure DDoS Protection -
Azure DNS
Azure Firewall -
Azure Firewall Manager - -
Azure Front Door -
Azure Internet Analyzer - -
Azure Private Link -
Azure Web Application Firewall -
Content Delivery Network - -
Network Watcher
Traffic Manager
Virtual WAN -
Azure Public IP
Virtual Network NAT -
Page 8 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
Archive Storage -
Azure Import/Export -
Azure Data Box -
Azure HPC Cache - -
Page 9 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
US
Service/Offering Name Public Germany
Government
Intune -
Microsoft Cloud App Security -
Microsoft Graph
Microsoft Managed Desktop - -
Microsoft Stream -
Power Apps -
Page 10 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
US
Service/Offering Name Public Germany
Government
Page 11 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
Registered Scope
US
Service/Offering Name Public Germany
Government
Page 12 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
In-Scope Location(s)
Page 13 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
In-Scope Location(s)
Page 14 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
In-Scope Location(s)
Page 15 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
In-Scope Location(s)
Edge Sites
Ashburn, VA (ASH) Manila, Philippines (MNL30)
Page 16 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC
Certificate Number: 1729711-5
In-Scope Location(s)
Edge Sites
Dubai, United Arab Emirates (DXB30) Queretaro, Mexico (MEX30)
Page 17 of 17
CONDITIONS & LIMITATIONS:
1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO/IEC 27001:2013 during the period of certification.
2. This certificate is subject to the satisfactory completion of annual surveillance audits by Schellman & Company, LLC
3. ISO/IEC 27001:2013 compliance audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be
construed as a guarantee or assurance that an organization is unsusceptible to information security breaches.
4. The information in this document is provided “AS IS”, without warranties of any kind. Schellman & Company, LLC expressly disclaims any representations and warranties, including, without limitation,
the implied warranties of merchantability and fitness for a particular purpose.
5. This certificate is the property of Schellman & Company, LLC and is bound by the conditions of contract. The authenticity of this certificate can be validated by contacting Schellman & Company, LLC