Compliance Framework

Refer to the tiers below for guidance on which Office 365 services can be used for which types of protected data. Note that only services listed in Tier 3 and Tier 4 are protected by a HIPAA Business Associate Agreement and FERPA compliance guarantees.

Tier 1

Privacy, Security, and Compliance Commitments:

  • No mining of customer data for advertising
  • No voluntary disclosure of customer data to law enforcement agencies

Covered Services:

  • Power BI for Office 365
  • Outlook Mobile for iOS and Android
  • Sunrise for iOS and Android
  • Office 365 Advanced Security Management

Tier 2

Privacy, Security, and Compliance Commitments:

  • Tier 1 plus:
  • ISO 27001
  • ISO 27018
  • EU Model Clauses (EUMC)

Covered Services:

  • Power BI

Tier 3

Privacy, Security, and Compliance Commitments:

  • Tier 2 plus:
  • HIPAA Business Associate Agreement
  • SSAE 16 SOC 1 & SOC 2 Reports

Covered Services:

  • Microsoft Dynamics CRM Online
  • Management
  • Office 365 Video
  • Microsoft Intune
  • Sway
  • Yammer Enterprise
  • Bookings
  • Planner
  • Microsoft Teams

Tier 4

Privacy, Security, and Compliance Commitments:

  • Tier 3 plus:
  • FedRAMP, IRS 1075, UK Official (IL2)
  • Health Information Trust Alliance (HITRUST)

Covered Services:

  • Exchange Online
  • SharePoint Online
  • OneDrive for Business
  • Skype for Business
  • Project Online
  • Azure Active Directory
  • Exchange Online Protection
  • Access Online
  • Office Online
  • Office 365 ProPlus
  • Microsoft Graph
  • Office Delve