AWS Security Blog

AWS Obtains ISO 27018 Privacy Certification

AWS certification image

I am pleased to announce that AWS has successfully completed a new assessment, ISO/IEC 27018:2014, a code of practice regarding the protection of personally identifiable information (PII) in the cloud and our adherence to the commitments we make to our customers with regard to their content. This privacy code of practice is now an integral and permanent component of our ISO 27001 certification program.

ISO 27018 is the first international code of practice that focuses on protection of PII in the cloud. Alignment with ISO 27018 demonstrates that AWS has a system of controls in place that specifically addresses the privacy protection of AWS customers’ content.

Alignment with the ISO 27018 code of practice provides assurance that:

  • Customers control their content.
  • Customers’ content will not be used for any unauthorized purposes.
  • Physical media is destroyed prior to leaving AWS data centers.
  • AWS provides customers the means to delete their content.
  • AWS doesn’t disclose customers’ content unless required to do so in order to comply with a legally valid and binding order.

All AWS regions and AWS Edge Locations are within the scope of this assessment. For the AWS services in scope, review AWS’s ISO/IEC 27018:2014 certificate. For further questions about this certification, see our ISO 27001 certificate and the FAQ page.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.