At Amazon, our customers’ priorities are our priorities. Top of the list continues to be security, as thousands of businesses—spanning various sizes, industries, and customer needs—trust us with their data. We take that responsibility seriously, prioritizing ISO 27001:2022 certification for even more of our services as a result.
This new ISO 27001:2022 certification includes Amazon Global Logistics, Amazon Warehousing and Distribution, Seller Export and Delivery, Amazon Freight, Amazon Air Cargo, and Fulfillment by Amazon inbound services, in addition to Multi-Channel Fulfillment and Buy with Prime, which have held this certification for years and are included with this update.
What is ISO 27001:2022?
ISO 27001:2022 is a widely recognized international security standard for information security management systems (ISMS). These certifications are performed by independent third-party auditors. Our compliance with ISO 27001:2022 standards is evidence of our commitment to information security at every level and that our program is in accordance with industry-leading best practices.
Why does achieving ISO 27001:2022 matter?
- Security Assurance: It demonstrates that in-scope Amazon services have an ISMS that meets internationally recognized standards for information security, providing confidence to customers that we have a rigorous security program that looks at security risks in a holistic manner.
- Third-Party Validation: The certification is awarded only after independent audits verify our security controls and practices.
- Risk Management: It shows our commitment to identifying, assessing, and managing information security risks across in-scope services.
- Continuous Improvement: The certification requires regular assessments and management reviews, ensuring we systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
This latest milestone demonstrates our continued commitment to customer information security and confirms we have a system in place to own, manage, and handle data security risks, respecting the best practices and principles of this international standard.
The scope of the ISO/IEC 27001:2022 certificate covers information security management system (ISMS) supporting cloud services, data, systems, processes, and people required for the design, development, and deployment of the in-scope Amazon services mentioned here.
