// Trust & Security Report

    MicroStrategy Inc. logo

    MicroStrategy Inc.

    Enterprise business intelligence, analytics, and AI platform. Core products include MicroStrategy Cloud (SaaS), MicroStrategy ONE (unified platform for enterprises), and Mosaic (universal semantic layer for governed AI). Supports 200+ data source connectors.

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    ISO 27001 Certified for Managed Cloud Enterprise

    Verify on www2.microstrategy.com
    SOC 2 Type II
    HELD

    SOC2 Type II Audit for Managed Cloud Enterprise

    Verify on www2.microstrategy.com
    HIPAA
    HELD

    Strategy fully-managed HIPAA Compliant Cloud solution

    Verify on www2.microstrategy.com
    PCI DSS
    HELD

    PCI DSS Compliant Cloud Platform

    Verify on www2.microstrategy.com
    GDPR
    HELD

    MicroStrategy AI applications support data privacy and confidentiality by not retaining any user data, with the platform configured to prevent data retention or usage for model training, ensuring GDPR compliance

    Verify on strategy.com
    FedRAMP
    HELD

    FedRAMP Certified as of 11/17/2022 at the Class C (Moderate) impact level (Rev5) for MicroStrategy Cloud for Government

    Verify on fedramp.gov
    BSI C5
    HELD

    BSI C5 (Germany) Assessment

    Verify on www2.microstrategy.com
    > Show 2 unconfirmed / not-held certifications
    CSA STAR
    NOT CONFIRMED

    CSA STAR Level 1 self-assessment from April 2022 is now marked as deprecated (not updated in >1 year), indicating no current active STAR certification maintained

    source: cloudsecurityalliance.org
    ISO/IEC 42001 (AI Management Systems)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multiple regions (AWS, Azure, Google Cloud across 36+ regions); product origin: United States

    MicroStrategy explicitly states it does not use customer inputs, chat history, or communications to train MicroStrategy's or third-party AI models. Intelligent features do not store or retain conversation histories past the active user session. No data retention for model training.

    // Security controls

    Data Encryption in Transit

    IPsec and/or SSL VPN gateways with industry-standard encryption algorithms (HTTPS/TLS)

    www2.microstrategy.com

    Data Encryption at Rest

    AES-256 encryption leveraging native encryption tools and key management systems from public cloud providers. MicroStrategy Encryption Key Manager (EKM) creates and manages unique encryption keys for sensitive information.

    www2.microstrategy.com

    Vulnerability Management

    Extensive vulnerability scanning and analysis across technology stack. Annual penetration tests by third-party security firms. Issues prioritized and resolved promptly.

    www2.microstrategy.com

    Audit & Logging

    Multi-layer encryption and blockchain-based audit trails for cloud services

    strategy.com

    Network Security

    Defense-in-depth strategy with robust network security, data encryption, and comprehensive access controls

    www2.microstrategy.com

    // Products & data scope

    MicroStrategy Cloud (Managed Cloud Enterprise)BI/Analytics Platform

    data: Customer data stays within customer-controlled infrastructure; no training on customer data

    Holds ISO 27001, SOC 2 Type II, HIPAA, PCI DSS, GDPR compliance, BSI C5. Supports multi-cloud deployment (AWS, Azure, Google Cloud)

    MicroStrategy ONEUnified BI/Analytics

    data: Enterprise-grade unified platform combining analytics, BI, and AI capabilities

    Consolidates multiple MicroStrategy capabilities into single platform

    Mosaic (Universal Semantic Layer)Data Governance & AI

    data: Unified semantic layer for governed AI and BI

    Enables single source of truth for data consistency across systems

    MicroStrategy AIGenerative AI

    data: No customer data retention or usage for model training

    Privacy-first design; does not retain conversation histories or use customer data for training

    MicroStrategy Cloud for GovernmentGovernment-focused BI

    data: FedRAMP Certified (Moderate impact level)

    Specialized for U.S. federal government agencies; authorized via Department of Health and Human Services

    // What to watch

    • CSA STAR certification is deprecated (last updated April 2022); vendor should refresh if continuing to claim STAR status
    • Privacy Shield (mentioned in documentation) is no longer a valid compliance framework as of 2020; should be updated to Standard Contractual Clauses or Binding Corporate Rules for EU data transfers
    • Evidence domain discrepancy: Evidence file references strategy.com (which is the current domain), but some documentation still references microstrategy.com. Both are valid domains for the same vendor.
    • ISO 42001 (AI management) not held despite recent emphasis on AI governance; may be a gap given enterprise AI product line

    // At a glance

    Pricing model

    Subscription (SaaS) and perpetual licenses; multi-tiered for different use cases

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on MicroStrategy Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    www2.microstrategy.com

    > Browse all vendor trust reports