AWS Obtains ISO 27018 Privacy Certification

I am pleased to announce that AWS has successfully completed a new assessment, ISO/IEC 27018:2014, a code of practice regarding the protection of personally identifiable information (PII) in the cloud and our adherence to the commitments we make to our customers with regard to their content. This privacy code of practice is now an integral and permanent component of our ISO 27001 certification program.

ISO 27018 is the first international code of practice that focuses on protection of PII in the cloud. Alignment with ISO 27018 demonstrates that AWS has a system of controls in place that specifically addresses the privacy protection of AWS customers’ content.

Alignment with the ISO 27018 code of practice provides assurance that:

• Customers control their content.
• Customers’ content will not be used for any unauthorized purposes.
• Physical media is destroyed prior to leaving AWS data centers.
• AWS provides customers the means to delete their content.
• AWS doesn’t disclose customers’ content unless required to do so in order to comply with a legally valid and binding order.

All AWS regions and AWS Edge Locations are within the scope of this assessment. For the AWS services in scope, review AWS’s ISO/IEC 27018:2014 certificate. For further questions about this certification, see our ISO 27001 certificate and the FAQ page.