Auto-synced compliance coverage matrix for Azure services, sourced from Microsoft's Service Trust Portal. Search, filter, and explore compliance certifications across 17 frameworks for Azure and Azure Government.
Live site: azure-compliance.bitesinbyte.com
- A Go CLI (
cmd/sync) downloads the compliance PDF from the Service Trust Portal - Text is extracted locally using a PDF parser
- Azure OpenAI parses the compliance matrix into structured JSON
- The JSON is committed to
data/azure-compliance.jsonand the GitHub Gist is updated for backward compatibility - GitHub Pages serves an interactive, searchable compliance table from
web/
Data is checked on the 1st of every month via GitHub Actions. If the source document has changed, the data is re-synced. You can also trigger a manual sync.
The compliance data covers 17 frameworks across 2 clouds (Azure, Azure Government):
| Framework | Key |
|---|---|
| CSA STAR Certification | csaStarCertification |
| CSA STAR Attestation | csaStarAttestation |
| ISO 27001, 27018 | iso27001_27018 |
| ISO 27017 | iso27017 |
| ISO 27701 | iso27701 |
| ISO 9001, 22301, 20000-1 | iso9001_22301_20000 |
| SOC 1, 2, 3 | soc1_2_3 |
| GSMA SAS-SM | gsmaSasSm |
| HIPAA BAA | hipaaBaa |
| HITRUST | hitrust |
| K-ISMS | kIsms |
| PCI 3DS | pci3ds |
| PCI DSS | pciDss |
| Australia IRAP | australiaIrap |
| Germany C5 | germanyC5 |
| Singapore MTCS Level 3 | singaporeMtcsLevel3 |
| Spain ENS High | spainEnsHigh |
This data reflects Microsoft's platform-level compliance attestation scope as published in the official audit reports obtained from the Service Trust Portal. It does not constitute a compliance certification for any customer workload. Customers must independently assess their own control implementations. Always refer to the Microsoft Service Trust Portal for the most current and authoritative compliance information.
If you need any help or if you find any issue, please raise it here.
Licensed under the MIT license.