I'd like information about ISO 27018
AWS ISO 27018

ISO 27018 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set.

The AWS ISO 27018 certification can be downloaded here.

Alignment demonstrates to customers that AWS has a system of controls in place that specifically address the privacy protection of their content. AWS' alignment with and independent third-party assessment of this internationally recognized code of practice demonstrates AWS' commitment to the privacy and protection of customers' content.

Yes, AWS maintains the high bar of data protection and privacy controls outlined in ISO 27018 for all customer content, regardless of whether or not any particular data is PII.

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

ISO 27018 along with many other economic, environmental and social standards are available on the ISO website, http://www.iso.org/iso/home.html. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.

The covered AWS services that are already in scope for ISO 27018 can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

AWS' ISO 27018 accreditation includes data centers, which house the hardware supporting the AWS Services listed above. AWS Data centers are located in US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Montréal), EU (London), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) Regions, as well as the following AWS Edge Locations in:

  • Melbourne, Australia
  • Sydney, Australia
  • Rio de Janeiro, Brazil
  • São Paulo, Brazil
  • Montréal, Canada
  • Toronto, Canada
  • Hong Kong, China
  • London, England
  • Marseille, France
  • Paris, France
  • Frankfurt, Germany
  • Chennai, India
  • Mumbai, India
  • New Delhi, India
  • Dublin, Ireland
  • Milan, Italy
  • Osaka, Japan
  • Tokyo, Japan
  • Seoul, Korea
  • Amsterdam, Netherlands
  • Manila, Philippines
  • Warsaw, Poland
  • Singapore
  • Madrid, Spain
  • Stockholm, Sweden
  • Taipei, Taiwan
  • California, United States
  • Florida, United States
  • Georgia, United States
  • Illinois, United States
  • Indiana, United States
  • Missouri, United States
  • Nevada, United States
  • New Jersey, United States
  • New York, United States
  • Oregon, United States
  • Texas, United States
  • Virginia, United States
  • Washington, United States
ISO 27018 Resources


Contact Us