Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Skip to main content

AWS Cloud Security

ISO/IEC 27017:2015 Compliance

Overview

ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.

Page topics

FAQs

Open all

AWS' attestation to the ISO/IEC 27017:2015 guidance not only demonstrates our ongoing commitment to align with globally-recognized best practices, but also verifies that AWS has a system of highly precise controls in place that are specific to cloud services.

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

AWS’ ISO/IEC 27017:2015 certification covers the security management process and cloud provider specific controls. If you are pursuing ISO/IEC certifications while operating part or all of your IT in the AWS cloud, you are not automatically certified by association. The AWS ISO/IEC 27017:2015 assessment provides evidence that our security controls are aligned with the 27017:2015 guidance specific to cloud service providers.

ISO/IEC 27017:2015 along with many other economic, environmental and social standards are available on the ISO website. ISO/IEC has made the decision to copyright these standards in an effort to help fund the processes leading to development.

The covered AWS services that are already in scope for ISO/IEC 27017:2015 can be found on ISO Certified. If you would like to learn more about using these services and/or have interest in other services please contact us.

The covered AWS Regions that are in scope can be found on the AWS ISO/IEC 27017:2015 certification.