AWS Security Blog

Tag: ISO 27018

2019 ISO certificates are here, with a 12 percent increase of in-scope services

AWS successfully completed the re-certification audits with no findings. Ernst and Young Certify Point auditors issued the new certificates on November 6, 2019, marking the start of the new three-year cycle. We increased the number of ISO services in scope to 134 services in total that have been validated against ISO 9001, 27001, 27017, and […]

Read More

New AWS services launch with HIPAA, PCI, ISO, and SOC – a company first

Our security culture is one of the things that sets AWS apart. Security is job zero — it is the foundation for all AWS employees and impacts the work we do every day, across the company. And that’s reflected in our services, which undergo exacting internal and external security reviews before being released. From there, […]

Read More

2018 ISO certificates are here, with a 70% increase of in scope services

September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. In just the last year, we’ve increased the number of ISO services in scope by 70%. That makes 114 services in total that have been validated against ISO 9001, 27001, 27017, and 27018. The following services are new to our […]

Read More

The AWS Shared Responsibility Model and GDPR

The EU’s General Data Protection Regulation (GDPR) describes data processor and data controller roles, and some customers and AWS Partner Network (APN) partners are asking how this affects the long-established AWS Shared Responsibility Model. I wanted to take some time to help folks understand shared responsibilities for us and for our customers in context of […]

Read More

AWS Obtains ISO 27018 Privacy Certification

I am pleased to announce that AWS has successfully completed a new assessment, ISO/IEC 27018:2014, a code of practice regarding the protection of personally identifiable information (PII) in the cloud and our adherence to the commitments we make to our customers with regard to their content. This privacy code of practice is now an integral […]

Read More