ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. This is a widely-recognized international security standard in which our customers showed significant interest. Certification in the standard requires us to:
- Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
- Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis
The AWS ISO 27001 certification can be downloaded here.
The key to the ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way. The ISO 27001 certification is specifically focused on the AWS ISMS and measures how our internal processes follow the ISO standard. Certification means an accredited, independent third-party auditor has performed an assessment of our processes and controls and confirms they are operating in alignment with the comprehensive ISO 27001 certification standard.
AWS welcomes the ISO 27001 standard and best practices into our organization. The certification confirms our longstanding commitment to the security of our services to our customers. Going through the certification process confirms that we are addressing each element of the ISO standard and that our management practices follow internationally-recognized best practices.
AWS' ISO 27001 accreditation covers AWS Regions including US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US), South America (São Paulo), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo).
Our ISO 27001 certification demonstrates our commitment to information security at every level. Compliance with this internationally-recognized standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices. This certification provides more clarity and assurance for customers evaluating the breadth and strength of our security practices.
Your services will not be impacted. We continue to strive to provide the highest levels of security. The certification is a security credential for your reference.
EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.
The ISO 27001 certification covers the security management process over a specified scope of services and data centers. If you are pursuing ISO 27001 certification while operating part or all of your IT in the AWS cloud, you are not automatically certified by association but it may make it easier for you to certify.
The services included in scope for our ISO 27001 certification include:
- AWS CloudFormation
- Amazon CloudFront
- AWS CloudTrail
- AWS Directory Service
- Amazon DynamoDB
- AWS Elastic Beanstalk
- Amazon Elastic Block Store (EBS)
- Amazon Elastic Compute Cloud (EC2)
- Amazon EC2 Container Service (ECS)
- AWS Direct Connect
- Amazon EC2 VM Import/Export
- AWS Cloud Hardware Security Module (HSM)
- Elastic Load Balancing (ELB)
- Amazon Elastic File System (EFS)
- Amazon Elastic MapReduce (EMR)
- Amazon ElastiCache
- Amazon Glacier
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (KMS)
- Amazon Redshift
- Amazon Relational Database Service (RDS)
- AWS Route 53
- Amazon SimpleDB
- Amazon Simple Email Service (SES)
- Amazon Simple Queue Service (SQS)
- Amazon Simple Storage Service (S3)
- Amazon Simple Workflow Service (SWF)
- AWS Storage Gateway
- Amazon Virtual Private Cloud (VPC)
- AWS WAF - Web Application Firewall
- Amazon WorkDocs
- Amazon WorkMail
- Amazon WorkSpaces
- The underlying physical infrastructure (including GovCloud) and the AWS Management Environment