I'd like information about ISO 27001

AWS ISO 27001

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how AWS perpetually manages security in a holistic, comprehensive manner. This widely-recognized international security standard specifies entities:

  • Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
  • Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis

The AWS ISO 27001 certification can be downloaded here.

AWS’ implementation of and alignment with ISO 27001, 27017, and 27018 demonstrates a commitment to information security at every level of the organization. AWS is assessed by an independent third-party auditor to validate alignment with the ISO 27001 standard. Compliance with these internationally-recognized standards and code of practice is evidence that the AWS security program is comprehensive and in accordance with industry leading best practices.

AWS welcomes the ISO 27001 standard and best practices into our organization. The certification confirms our commitment to the security, confidentiality, and availability of our services. The key to these standards is the development, implementation, and continuous improvement of AWS’ rigorous security management program, which forms the foundation of AWS’ security approach.

US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Central), Europe (Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), and South America (São Paulo) Regions, as well as the AWS Edge Locations in:

  • Melbourne, Australia
  • Sydney, Australia
  • Rio de Janeiro, Brazil
  • São Paulo, Brazil
  • Montréal, Canada
  • Toronto, Canada
  • Hong Kong, China
  • London, England
  • Marseille, France
  • Paris, France
  • Frankfurt, Germany
  • Chennai, India
  • Mumbai, India
  • New Delhi, India
  • Dublin, Ireland
  • Milan, Italy
  • Osaka, Japan
  • Tokyo, Japan
  • Seoul, Korea
  • Amsterdam, Netherlands
  • Manila, Philippines
  • Warsaw, Poland
  • Singapore
  • Madrid, Spain
  • Stockholm, Sweden
  • Taipei, Taiwan
  • California, United States
  • Florida, United States
  • Georgia, United States
  • Illinois, United States
  • Indiana, United States
  • Missouri, United States
  • Nevada, United States
  • New Jersey, United States
  • New York, United States
  • Oregon, United States
  • Texas, United States
  • Virginia, United States
  • Washington, United States

Our ISO 27001 certification demonstrates our commitment to information security at every level. Compliance with this internationally-recognized standard, validated by an independent third-party audit, confirms that our security management program is comprehensive and follows leading practices. This certification provides more clarity and assurance for customers evaluating the breadth and strength of our security practices.

Your services will not be impacted. We continue to strive to provide the highest levels of security. The certification is a security credential for your reference.

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

The ISO 27001 certification covers the security management process over a specified scope of services and data centers. If you are pursuing ISO 27001 certification while operating part or all of your IT in the AWS cloud, you are not automatically certified by association but it may make it easier for you to certify.

The covered AWS services that are already in scope for the ISO 27001 certification can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

ISO 27001 along with many other economic, environmental and social standards are available on the ISO website, http://www.iso.org/iso/home.html. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.

ISO 27001


Contact Us