AWS Security Blog

AWS ISO 27001 Certification Increases Total In-Scope Services to 33

AWS certification image

AWS has just completed our annual audit of ISO 27001, a certification we achieved back in 2010. 10 new services are now in scope under ISO 27001:

For those just learning about the ISO 27001:2013 certification, the International Organization of Standardization (ISO) created the widely adopted global security standard that set out requirements and best practices for a systematic approach to managing company and customer information. This approach is based on periodic risk assessments appropriate to ever-changing threat scenarios.

Guidance on the 27001 certification from ISO includes:

“Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).”

This brings the total up to 33 services now available for use under the standard of ISO 27001. The complete list can be found in our AWS ISO 27001 FAQs.

Additionally, 10 regions are now in scope, including the newly added EU (Frankfurt). The complete list is as follows: US East (N. Virginia), US West (Oregon), US West (N. California), AWS GovCloud (US), South America (Sao Paulo), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Tokyo).

Download the AWS ISO 27001 certification.

In order to achieve the certification, AWS has shown it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This certification reinforces Amazon’s commitment to providing transparency into our security controls and practices.

AWS was certified by an independent third-party audit, EY CertifyPoint, an ISO certifying agent. Importantly, there is no increase in service costs for any region as a result of this certification. You can download a copy of the AWS certification and use it to jump-start your own certification efforts (you are not automatically certified by association; however, using an ISO 27001 certified provider like AWS can make your certification process easier). You may also want to read the AWS ISO 27001 FAQs.

If you’d like to learn more about compliance in the cloud, please visit our AWS Cloud Compliance page.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.