FAQs

• What does ISO/IEC 27017:2015 mean to you as a customer?

  AWS' attestation to the ISO/IEC 27017:2015 guidance not only demonstrates our ongoing commitment to align with globally-recognized best practices, but also verifies that AWS has a system of highly precise controls in place that are specific to cloud services.
  

• Who is the third-party assessor?

  EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.
  

• Can my organization align with ISO/IEC 27017:2015?

  AWS’ ISO/IEC 27017:2015 certification covers the security management process and cloud provider specific controls. If you are pursuing ISO/IEC certifications while operating part or all of your IT in the AWS cloud, you are not automatically certified by association. The AWS ISO/IEC 27017:2015 assessment provides evidence that our security controls are aligned with the 27017:2015 guidance specific to cloud service providers.
  

• Can you provide a copy of the ISO/IEC 27017:2015 code of practice?

  ISO/IEC 27017:2015 along with many other economic, environmental and social standards are available on the ISO website. ISO/IEC has made the decision to copyright these standards in an effort to help fund the processes leading to development.

• What AWS services are in scope for ISO/IEC 27017:2015?

  The covered AWS services that are already in scope for ISO/IEC 27017:2015 can be found on ISO Certified. If you would like to learn more about using these services and/or have interest in other services please contact us.

• What AWS data centers are in scope for the ISO/IEC 27017:2015 assessment?

  The covered AWS Regions that are in scope can be found on the AWS ISO/IEC 27017:2015 certification.