ISO/IEC 27701:2019 Compliance
ISO/IEC 27701:2019 specifies requirements and guidelines to establish and continuously improve the Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII). It is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for information security management providing a set of additional controls and associated guidance intended to address public cloud PIMS and PII management requirements for both processors and controllers, not addressed by the existing ISO/IEC 27002 control set.
What does ISO/IEC 27701:2019 mean to you as a customer?
Alignment to ISO/IEC 27701:2019 demonstrates to customers that AWS has an effective Privacy Information Management System (PIMS) in place to support compliance to European General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and other data privacy regulations. AWS' alignment with this standard in addition to the independent third-party assessment of this internationally recognized code of practice demonstrates AWS' commitment to the privacy and protection of customers' content and assures compliance with international and local privacy legislations.
Does ISO/IEC 27701:2019 matter to me as a customer if I do not handle Personally Identifiable Information (PII)?
Yes, AWS maintains the high bar of data protection and privacy controls outlined in ISO/IEC 27701:2019 for all customer content, regardless of whether data is PII.
Who is the independent third-party assessor?
EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.
Can you provide a copy of the ISO/IEC 27701:2019 requirements and guidelines?
ISO/IEC 27701:2019 along with many other economic, environmental and social standards are available on the ISO website. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.
Which AWS services are in scope for ISO/IEC 27701:2019?
What AWS Data Centers are in scope for the ISO/IEC 27701:2019 assessment?