ISO 27018 Compliance
ISO 27018 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set.
What does ISO 27018 mean to you as a customer?
Alignment demonstrates to customers that AWS has a system of controls in place that specifically address the privacy protection of their content. AWS' alignment with and independent third-party assessment of this internationally recognized code of practice demonstrates AWS' commitment to the privacy and protection of customers' content.
Does ISO 27018 matter to me as a customer if I do not handle Personally Identifiable Information (PII)?
Yes, AWS maintains the high bar of data protection and privacy controls outlined in ISO 27018 for all customer content, regardless of whether or not any particular data is PII.
Who is the independent third-party assessor?
EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.
Can you provide a copy of the ISO 27018 code of practice?
ISO 27018 along with many other economic, environmental and social standards are available on the ISO website. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.
Which AWS services are in scope for ISO 27018?
What AWS data centers are in scope for the ISO 27018 assessment?
US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Central), Europe (Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), and South America (São Paulo) Regions, as well as the AWS Edge Locations in:
Rio de Janeiro, Brazil
São Paulo, Brazil
Hong Kong, China
New Delhi, India
California, United States
Florida, United States
Georgia, United States
Illinois, United States
Indiana, United States
Missouri, United States
Nevada, United States
New Jersey, United States
New York, United States
Oregon, United States
Texas, United States
Virginia, United States
Washington, United States