AWS ISO 27018:2014 FAQs

AWS' ISO 27018:2014 certification can be downloaded here.

ISO ISO 27018:2014 is the first International code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set.

Alignment demonstrates to customers that AWS has a system of controls in place that specifically address the privacy protection of their content. AWS' alignment with and independent third-party assessment of this internationally recognized code of practice demonstrates AWS' commitment to the privacy and protection of customers' content.

Yes, AWS maintains the high bar of data protection and privacy controls outlined in ISO ISO 27018:2014 for all customer content, regardless of whether or not any particular data is PII.

EY CertifyPoint, an ISO certifying agent.

The ISO ISO 27018:2014 code of practice is available for purchase online from www.iso.org.

All AWS Regions and AWS Edge Locations are within the scope of the AWS ISO ISO 27018:2014 assessment. This includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Frankfurt), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), China (Beijing), and South America (Sao Paulo) that support in-scope services.