AWS Security Blog
AWS ISO 27001 Certification Increases Total In-Scope Services to 33
AWS has just completed our annual audit of ISO 27001, a certification we achieved back in 2010. 10 new services are now in scope under ISO 27001:
- Amazon CloudFront
- Amazon EC2 Container Service (ECS)
- Amazon Elastic File System (EFS)
- Amazon Simple Email Service (SES)
- Amazon WorkDocs
- Amazon WorkMail
- Amazon WorkSpaces
- AWS Directory Service
- AWS Key Management Service (KMS)
- AWS WAF – Web Application Firewall
For those just learning about the ISO 27001:2013 certification, the International Organization of Standardization (ISO) created the widely adopted global security standard that set out requirements and best practices for a systematic approach to managing company and customer information. This approach is based on periodic risk assessments appropriate to ever-changing threat scenarios.
Guidance on the 27001 certification from ISO includes:
“Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).”
This brings the total up to 33 services now available for use under the standard of ISO 27001. The complete list can be found in our AWS ISO 27001 FAQs.
Additionally, 10 regions are now in scope, including the newly added EU (Frankfurt). The complete list is as follows: US East (N. Virginia), US West (Oregon), US West (N. California), AWS GovCloud (US), South America (Sao Paulo), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo).
Download the AWS ISO 27001 certification.
In order to achieve the certification, AWS has shown it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This certification reinforces Amazon’s commitment to providing transparency into our security controls and practices.
AWS was certified by an independent third-party audit, EY CertifyPoint, an ISO certifying agent. Importantly, there is no increase in service costs for any region as a result of this certification. You can download a copy of the AWS certification and use it to jump-start your own certification efforts (you are not automatically certified by association; however, using an ISO 27001 certified provider like AWS can make your certification process easier). You may also want to read the AWS ISO 27001 FAQs.
If you’d like to learn more about compliance in the cloud, please visit our AWS Cloud Compliance page.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.