Office 365 is a multi-tenant cloud computing-based subscription service offering from Microsoft. Cloud computing has been defined by NIST as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or cloud provider interaction. Further, as defined within NIST SP 800-145 (The NIST Definition of Cloud Computing), the service model for Office 365 is Software-as-a-Service (SaaS). SaaS is a model of software deployment whereby one or more applications and the computational resources to run them are provided for use on demand as a turnkey service. Its main purpose is to reduce the total cost of hardware and software development, maintenance, and operations. Security provisions are carried out mainly by the cloud provider. The cloud subscriber does not manage or control the underlying cloud infrastructure or individual applications, except for preference selections and limited administrative application settings.
View other services by Microsoft:
Listed Since: 06/15/2020
Last Updated: 10/21/2022
Level 1: Self-Assessment
At level one organizations can submit one or both of the security and privacy self-assessments. These are based off of the Cloud Controls Matrix and the CSA Code of Conduct for GDPR Compliance.