I'd like information about ISO 27017
ISO 27017

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.

The AWS ISO 27017 certification can be downloaded here.

AWS' attestation to the ISO 27017 guidance not only demonstrates our ongoing commitment to align with globally-recognized best practices, but also verifies that AWS has a system of highly precise controls in place that are specific to cloud services.

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

AWS’ ISO 27017 certification covers the security management process and cloud provider specific controls. If you are pursuing ISO certifications while operating part or all of your IT in the AWS cloud, you are not automatically certified by association. The AWS ISO 27017 assessment provides evidence that our security controls are aligned with the 27017 guidance specific to cloud service providers.

ISO 27017 along with many other economic, environmental and social standards are available on the ISO website, http://www.iso.org/iso/home.html. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.

The covered AWS services that are already in scope for ISO 27017 can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

AWS' ISO 27017 accreditation includes data centers, which house the hardware supporting the AWS Services listed above. AWS Data centers are located in US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Montréal), EU (London), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) Regions, as well as the following AWS Edge Locations in:

  • Melbourne, Australia
  • Sydney, Australia
  • Rio de Janeiro, Brazil
  • São Paulo, Brazil
  • Montréal, Canada
  • Toronto, Canada
  • Hong Kong, China
  • London, England
  • Marseille, France
  • Paris, France
  • Frankfurt, Germany
  • Chennai, India
  • Mumbai, India
  • New Delhi, India
  • Dublin, Ireland
  • Milan, Italy
  • Osaka, Japan
  • Tokyo, Japan
  • Seoul, Korea
  • Amsterdam, Netherlands
  • Manila, Philippines
  • Warsaw, Poland
  • Singapore
  • Madrid, Spain
  • Stockholm, Sweden
  • Taipei, Taiwan
  • California, United States
  • Florida, United States
  • Georgia, United States
  • Illinois, United States
  • Indiana, United States
  • Missouri, United States
  • Nevada, United States
  • New Jersey, United States
  • New York, United States
  • Oregon, United States
  • Texas, United States
  • Virginia, United States
  • Washington, United States
ISO 27017 Resources


Contact Us