add compliance

David Curwin · David Curwin · commit dddc5dc4e029 · 2020-03-16T12:19:34.000+02:00
diff --git a/articles/backup/compliance-offerings.md b/articles/backup/compliance-offerings.md
@@ -0,0 +1,46 @@
+---
+title: Azure Backup compliance offerings 
+description: Summary of compliance offerings for Azure Backup
+ms.topic: conceptual
+ms.date: 03/16/2020
+---
+
+# Azure Backup compliance offerings
+
+To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals' data, Microsoft Azure & Azure Backup offer a comprehensive set of certifications and attestations.
+
+You can find below compliance offerings for Azure Backup to ensure your service is regulated when using the Azure Backup service.
+
+## Global
+
+* [CSA-STAR-Attestation](https://docs.microsoft.com/microsoft-365/compliance/offering-csa-star-attestation)
+* [CSA-Star-Certification](https://docs.microsoft.com/microsoft-365/compliance/offering-csa-star-certification)
+* [CSA-STAR-Self-Assessment](https://docs.microsoft.com/microsoft-365/compliance/offering-csa-star-self-assessment)
+* [ISO 20000-1:2011](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-20000-1-2011)
+* [ISO 22301](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-22301)
+* [ISO 27001](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27017)
+* [ISO 27017](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27017)
+* [ISO 27018](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27018)
+* [ISO 9001](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-9001)
+* [SOC 1,2,3](https://docs.microsoft.com/microsoft-365/compliance/offering-soc)
+
+## US Government
+
+* [DoD DISA L2, L4, L5](https://docs.microsoft.com/microsoft-365/compliance/offering-dod-disa-l2-l4-l5?view=o365-worldwide)
+* [FedRAMP](https://docs.microsoft.com/microsoft-365/compliance/offering-fedramp)
+* [FIPS 140-2](https://docs.microsoft.com/microsoft-365/compliance/offering-fips-140-2)
+
+## Industry
+
+* [HIPAA](https://docs.microsoft.com/microsoft-365/compliance/offering-hipaa-hitech)
+* [HITRUST](https://docs.microsoft.com/microsoft-365/compliance/offering-hitrust)
+* [PCI DSS](https://docs.microsoft.com/microsoft-365/compliance/offering-pci-dss)
+
+## Regional
+
+* [CCSL/IRAP (Australia)](https://docs.microsoft.com/microsoft-365/compliance/offering-ccsl-irap-australia)
+* [GDPR (EU)](https://www.microsoft.com/trustcenter/privacy/gdpr)
+
+## Next steps
+
+Find the latest coverage and details about compliance in [Microsoft TrustCenter](https://www.microsoft.com/TrustCenter/Compliance/default.aspx).
diff --git a/articles/backup/security-overview.md b/articles/backup/security-overview.md
@@ -30,11 +30,11 @@ Encryption protects your data and helps you to meet your organizational security
 
 * Azure Backup supports backup and restore of Azure VMs that have their OS/data disks encrypted with Azure Disk Encryption (ADE). [Learn more about encrypted Azure VMs and Azure Backup](https://docs.microsoft.com/azure/backup/backup-azure-vms-encryption).
 
-## Protection of backup data from Accidental or malicious deletes
+## Protection of backup data from accidental or malicious deletes
 
 Azure Backup provides security features to help protect backup data even after deletion. One such feature is [soft delete](https://docs.microsoft.com/azure/backup/backup-azure-security-feature-cloud#soft-delete). With soft delete, if a malicious actor deletes the backup of a VM (or backup data is accidentally deleted), the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. The additional 14 days retention of backup data in the "soft delete" state doesn't incur any cost to the customer. [Learn more about soft delete](https://docs.microsoft.com/azure/backup/backup-azure-security-feature-cloud#soft-delete).
 
-## Monitoring and Alerts
+## Monitoring and alerts
 
 Azure Backup provides [built-in monitoring and alerting capabilities](https://docs.microsoft.com/azure/backup/backup-azure-monitoring-built-in-monitor) to view and configure actions for business-critical events. [Backup Reports](https://docs.microsoft.com/azure/backup/configure-reports) serve as a one-stop destination for tracking usage, auditing of backups and restores, and identifying key trends at different levels of granularity.
 
@@ -48,6 +48,10 @@ Azure Backup service uses the Microsoft Azure Recovery Services (MARS) agent to
 
 * **Recovery**: Deleted backup data is retained for an additional 14 days from the date of deletion. This ensures recoverability of the data within a given time period, so there's no data loss even if an attack happens. Also, a greater number of minimum recovery points are maintained to guard against corrupt data. [Learn more about recovering deleted backup data](https://docs.microsoft.com/azure/backup/backup-azure-security-feature#recover-deleted-backup-data).
 
+## Compliance
+
+To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals' data, Microsoft Azure & Azure Backup offer a comprehensive set of certifications and attestations. [See the list of compliance certifications](compliance-offerings.md)
+
 ## Next steps
 
 * [Security features to help protect cloud workloads that use Azure Backup](backup-azure-security-feature-cloud.md)
diff --git a/articles/backup/toc.yml b/articles/backup/toc.yml
@@ -346,6 +346,8 @@
       href: backup-azure-security-feature.md
     - name: Built-in security controls
       href: backup-security-controls.md
+    - name: Compliance 
+      href: compliance-offerings.md
   - name: Troubleshoot
     items:
     - name: Azure VM
