Below is a list of frequently asked questions about AWS ISO 27001 compliance.
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. It is a widely recognized international security standard in which our customers have shown significant interest. Certification under the standard requires us to:
- Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
- Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis
The key to ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way. The ISO 27001 certification is specifically focused on the AWS ISMS and measures how closely our internal processes follow the ISO standard. Certification means that an accredited, independent third-party auditor has assessed our processes and controls and confirmed that they operate in alignment with the comprehensive ISO 27001 certification standard.
AWS welcomes the ISO 27001 standard and its best practices into our organization. The certification confirms our longstanding commitment to the security of the services we provide to our customers. Going through the certification process confirms that we are addressing each element of the ISO standard and that our management practices follow internationally recognized best practices.
The services included in scope for our ISO 27001 certification include:
- Amazon DynamoDB
- Amazon EC2 VM Import/Export
- Amazon Elastic Block Store (EBS)
- Amazon Elastic Compute Cloud (EC2)
- Amazon Elastic MapReduce (EMR)
- Amazon ElastiCache
- Amazon Glacier
- Amazon Redshift
- Amazon Relational Database Service (RDS)
- Amazon Simple Storage Service (S3)
- Amazon SimpleDB
- Amazon Virtual Private Cloud (VPC)
- AWS Direct Connect
- AWS Identity and Access Management (IAM)
- AWS Storage Gateway
- The underlying physical infrastructure (including GovCloud) and the AWS Management Environment
Our ISO 27001 certification demonstrates our commitment to information security at every level. Compliance with this internationally recognized standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices. This certification provides additional clarity and assurance for customers evaluating the breadth and strength of our security practices.
Your services will not be impacted. We continue to strive to provide the highest levels of security. The certification is a security credential for your reference.
EY CertifyPoint is an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.
The ISO 27001 certification covers the security management process over a specified scope of services and data centers. If you are pursuing ISO 27001 certification while operating part or all of your IT in the AWS cloud, you are not automatically certified by association, but it may make it easier for you to certify.
You may purchase a copy online from various sources, such as Standards Direct.