We’re excited to announce that Amazon Web Services (AWS) has achieved ISO/IEC 27701:2019 certification without findings. This certification is really a rigorous third-party independent assessment of the Privacy Information Management System (PIMS) of a cloud company.

ISO/IEC 27701:2019 specifies requirements and guidelines to determine and improve a PIMS continuously, including processing of Personally Identifiable Information (PII), and can be an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards for information security management. It provides a set of additional controls and associated guidance that’s designed to address public cloud PIMS and PII management requirements that aren’t addressed by the prevailing ISO/IEC 27002 control set, for both controllers and processors.

The certification demonstrates a cloud service provider comes with an effective PIMS set up to aid customers, who could be working towards compliance with the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), along with other data privacy regulations. The independent third-party assessment of AWS alignment to the internationally recognized code of practice demonstrates that AWS is focused on the privacy and protection of customers’ content and will help customers in pursuing their international and local compliance objectives.

Ernst & On August 11 young CertifyPoint issued the certificate, 2021. The covered AWS Regions are included on the ISO/IEC 27701:2019 certificate, and the entire set of AWS services in scope for ISO/IEC 27701:2019 can be acquired on our CSA and iso STAR Certified webpage. You will see and our ISO/IEC 27701:2019 certificate online download, and in the AWS Management Console through AWS Artifact.

When you have feedback concerning this post, submit comments in the Comments section below.

Want more AWS Security how-to content, news, and show announcements? Follow us on Twitter.