AWS has ISO 27001 certification of their Information Security Management System (ISMS) covering AWS infrastructure, data centers, and services including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3) and Amazon Virtual Private Cloud (Amazon VPC).
ISO 27001/27002 is a widely-adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that is based on periodic risk assessments.
To achieve the ISO 27001 certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This certification reinforces Amazon’s commitment to providing transparency into our security controls and practices.
AWS’s ISO 27001 certification includes all AWS data centers in all regions worldwide and AWS has a formal program to maintain the certification. A copy of the ISO certificate, available to AWS customers, describes the ISMS services and geographic scope.
For more information, see ISO 27001 FAQs.