Common use of Online Services Information Security Policy Clause in Contracts

Online Services Information Security Policy. Each Online Service follows a written data security policy (“Information Security Policy”) that complies with the control standards and frameworks shown in the table below. Online Service ISO 27001 ISO 27002 Code of Practice ISO 27018 Code of Practice SSAE 16 SOC 1 Type II SSAE 16 SOC 2 Type II Office 365 Services Yes Yes Yes Yes Yes Microsoft Dynamics 365 Core Services Yes Yes Yes Yes* Yes* Microsoft Azure Core Services Yes Yes Yes Varies** Varies** Microsoft Cloud App Security Yes Yes Yes Yes Yes Microsoft Graph Yes Yes Yes No No Microsoft Intune Online Services Yes Yes Yes Yes Yes Microsoft Business Application Platform Core Services Yes Yes Yes Yes Yes **Current scope is detailed in the audit report and summarized in the Microsoft Azure Trust Center. Microsoft may add industry or government standards at any time. Microsoft will not eliminate a standard or framework in the table above unless it is no longer used in the industry and it is replaced with a successor (if any). In the event Microsoft provides Customer with products not shown on the schedule above, Microsoft, where appropriate, will provide an updated schedule listing the Microsoft product or service and the applicable control standard via the Online Services Terms document. Subject to non-disclosure obligations, Microsoft will make each Information Security Policy available to Customer, along with other information reasonably requested by Customer regarding Microsoft security practices and policies. Customer is solely responsible for reviewing each Information Security Policy and making an independent determination as to whether it meets Customer’s requirements.

Appears in 4 contracts

Samples: Enrollment Agreement, Enrollment Agreement, Enrollment Agreement

AutoNDA by SimpleDocs
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!