ISO 27001

Overview

ISO27001

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how AWS perpetually manages security in a holistic, comprehensive manner. This widely-recognized international security standard specifies that AWS do the following:

  • We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
  • We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
  • We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.

AWS has certification for compliance with ISO 27001, 27017, and 27018. These certifications are performed by independent third-party auditors. Our compliance with these internationally-recognized standards and code of practice is evidence of our commitment to information security at every level of our organization, and that the AWS security program is in accordance with industry leading best practices.

  • Which AWS Regions are covered?

    US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Central), Europe (Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), and South America (São Paulo) Regions, as well as the AWS Edge Locations in:

    Melbourne, Australia

    Sydney, Australia

    Rio de Janeiro, Brazil

    São Paulo, Brazil

    Montréal, Canada

    Toronto, Canada

    Hong Kong, China

    London, England

    Marseille, France

    Paris, France

    Frankfurt, Germany

    Chennai, India

    Mumbai, India

    New Delhi, India

    Dublin, Ireland

    Milan, Italy

    Osaka, Japan

    Tokyo, Japan

    Seoul, Korea

    Amsterdam, Netherlands

    Manila, Philippines

    Warsaw, Poland

    Singapore

    Madrid, Spain

    Stockholm, Sweden

    Taipei, Taiwan

    California, United States

    Florida, United States

    Georgia, United States

    Illinois, United States

    Indiana, United States

    Missouri, United States

    Nevada, United States

    New Jersey, United States

    New York, United States

    Oregon, United States

    Texas, United States

    Virginia, United States

    Washington, United States

  • How will this impact my server instances and data?

    Your services will not be impacted. We continue to strive to provide the highest levels of security. The certification is a security credential for your reference.

  • Who is the certifying agent?

    The AWS certification for ISO 27001 is verified by EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member. For a list of all countries with an IAF member, see the IAF Members and Signatories webpage.

  • Can my organization be ISO 27001 certified by association?

    Your organization is not automatically certified by association. However, if you are pursuing ISO 27001 certification while operating part or all of your IT in the AWS cloud, the AWS certification may make it easier for you to certify. The ISO 27001 certification for AWS covers the AWS security management process over a specified scope of services and data centers.

  • What AWS services are in scope for the ISO 27001 certification?

    The covered AWS services that are in scope for the ISO 27001 certification can be found on the AWS Services in Scope by Compliance Program. If you would like to learn more about using these services or have interest in other services, please contact us.

  • Can you provide a copy of the ISO 27001 standard?

    No, AWS cannot distribute copies of the ISO 27001 standard. A preview of the ISO 27001 standard is available for free, and the full text is available for purchase, on the ISO website. ISO has made the decision to copyright their standards in an effort to help fund the processes leading to development.

compliance-contactus-icon
Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »