AWS News Blog

AWS Certification Update – ISO 27017

I am happy to announce that AWS has achieved ISO 27017 certification. This new criteria builds upon the ISO 27002 standard, with additional controls specifically applicable to cloud service providers. AWS is the first cloud provider to obtain this certification, which is available now for download on our compliance site. Additionally, we’ve posted a Frequently Asked Questions around ISO 27017 should you want to learn more about the regions and services included in the certification.

This certification is certainly good news for customers, providing additional transparency and independent assurance that we follow this internationally recognized cloud security code of practice. However, certifying that we follow yet another best practice won’t come as a surprise; we’ve already proven that information security is job #1 here at AWS. We have made massive investments in protecting customer data – investments that you, our customers, inherit when using our services. Global customers from a wide range of regulated industries (including healthcare, life sciences, federal and state governments, financial services, and public safety) continue to accelerate their use of AWS for their most critical and regulated workloads. Yes, our certifications and attestations are significant, but even more critical is the ability for you, on top of these assurances, to build your own advanced security and compliance capabilities.

With AWS services, our customers have access to innovative new cloud security features such as Amazon Inspector, AWS WAF (Web Application Firewall), and AWS Config Rules. These tools enhance the ability to manage security while establishing reliable and ubiquitous controls in AWS environments, allowing for compliance in a more comprehensive and transparent manner.

At AWS we routinely attain certifications, demonstrating we have a world-class security program, but more importantly we want you to have a world-class security program as well. To learn more about the innovative and industry-leading security capabilities we offer, view the links above and watch Steve Schmidt’s Keynote at re:Invent.


To learn more about how our customers are running sensitive workloads on AWS, take a look at some case studies:

Healthcare and Life Sciences Financial Institutions Government / Public Sector Large Enterprise


Jeff Barr

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.