ISO/IEC 27701:2019 Compliance

Alignment to ISO/IEC 27701:2019 demonstrates to customers that AWS has an effective Privacy Information Management System (PIMS) in place to support compliance to European General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and other data privacy regulations. AWS' alignment with this standard in addition to the independent third-party assessment of this internationally recognized code of practice demonstrates AWS' commitment to the privacy and protection of customers' content and assures compliance with international and local privacy legislations.

ISO/IEC 27701:2019 along with many other economic, environmental and social standards are available on the ISO website. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

Yes, AWS maintains the high bar of data protection and privacy controls outlined in ISO/IEC 27701:2019 for all customer content, regardless of whether data is PII.

The covered AWS services that are already in scope for ISO/IEC 27701:2019 can be found on ISO Certified. If you would like to learn more about using these services and/or have interest in other services please contact us.

The covered AWS Regions that are in scope can be found on the AWS ISO/IEC 27701:2019 certification.