ISO 27001 Compliance

ISO 27001

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how AWS perpetually manages security in a holistic, comprehensive manner. This widely-recognized international security standard specifies entities:

Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis

The AWS ISO 27001 certification can be downloaded here.

AWS’ implementation of and alignment with ISO 27001, 27017, and 27018 demonstrates a commitment to information security at every level of the organization. AWS is assessed by an independent third-party auditor to validate alignment with the ISO 27001 standard. Compliance with these internationally-recognized standards and code of practice is evidence that the AWS security program is comprehensive and in accordance with industry leading best practices.

ISO 27001 Cloud Compliance Customers

Given the sensitive nature of the data handled and RWE’s stringent data protection policies, compliance certifications—for example, ISO 27001 and ISO 9001—were vital in any technology that RWE chose. With its ISO-compliant, pay-as-you-go offerings, Amazon Web Services (AWS) was a good fit for RWE’s needs. »

AWS is currently ISO 27001-certified—which was a requirement for IATA, since the BI platform manages highly confidential information. »

“We’re really comfortable with the security of our system on the AWS Cloud. Building our solution on AWS helps us meet our requirements for accreditation to ISO 27000 information security and ISO 9000 quality assurance standards." »

“If we couldn’t directly demonstrate the security of the cloud, it would mean a complete halt to operations. Being able to point not only to AWS ISO 27001 certification but also to the fact that we’re within a government-approved G-cloud in the UK, means that we have the answers to questions around security before the hospital even raises them. It reassures the hospitals and it also reassures our investors. Everyone’s happy." »

By building its infrastructure on AWS, Exeter Family has achieved security certifications and accreditations, including ISO 27001. Gaining these certifications and accreditations right out of the box meant the company could immediately satisfy its internal compliance teams—even with a small team. »

Compliance with Payment Card Industry Data Security Standard (PCI DSS) and International Organization for Standards (ISO) 27001 are central to PayFort’s payment services. “We need to be trusted by the organizations that use our product, so that means ticking the boxes for compliance. But we didn’t want to spend the time and money doing this ourselves.” »

How does this certification impact AWS?

AWS welcomes the ISO 27001 standard and best practices into our organization. The certification confirms our commitment to the security, confidentiality, and availability of our services. The key to these standards is the development, implementation, and continuous improvement of AWS’ rigorous security management program, which forms the foundation of AWS’ security approach.

Which AWS regions are covered?

AWS' ISO 27001 accreditation includes data centers, which house the hardware supporting the AWS Services listed above. AWS Data centers are located in US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Montréal), EU (London), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) Regions, as well as the following AWS Edge Locations in:

Melbourne, Australia

Sydney, Australia

Rio de Janeiro, Brazil

São Paulo, Brazil

Montréal, Canada

Toronto, Canada

Hong Kong, China

London, England

Marseille, France

Paris, France

Frankfurt, Germany

Chennai, India

Mumbai, India

New Delhi, India

Dublin, Ireland

Milan, Italy

Osaka, Japan

Tokyo, Japan

Seoul, Korea

Amsterdam, Netherlands

Manila, Philippines

Warsaw, Poland

Singapore

Madrid, Spain

Stockholm, Sweden

Taipei, Taiwan

California, United States

Florida, United States

Georgia, United States

Illinois, United States

Indiana, United States

Missouri, United States

Nevada, United States

New Jersey, United States

New York, United States

Oregon, United States

Texas, United States

Virginia, United States

Washington, United States

What does this mean to you as a customer?

Our ISO 27001 certification demonstrates our commitment to information security at every level. Compliance with this internationally-recognized standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices. This certification provides more clarity and assurance for customers evaluating the breadth and strength of our security practices.

How will this impact my server instances and data?

Your services will not be impacted. We continue to strive to provide the highest levels of security. The certification is a security credential for your reference.

Who is the certifying agent?

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

Can my organization be ISO ISO 27001 certified by association?

The ISO 27001 certification covers the security management process over a specified scope of services and data centers. If you are pursuing ISO 27001 certification while operating part or all of your IT in the AWS cloud, you are not automatically certified by association but it may make it easier for you to certify.

What AWS services are in scope for the ISO 27001 certification?

The covered AWS services that are already in scope for the ISO 27001 certification can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

Can you provide a copy of the ISO 27001 standard?

ISO 27001 along with many other economic, environmental and social standards are available on the ISO website, http://www.iso.org/iso/home.html. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.

ISO 27001 Compliance Resources