We announced the successful completion of our first SAS 70 Type II audit just about a year ago. Earlier this year I talked about an application that had successfully completed the FISMA Low assessment and then received the necessary Authority to Operate.
Today I am happy to announce that we have been awarded ISO 27001 certification.
The full name of this certification is "ISO/IEC 27001:2005 - Information technology — Security techniques — Information security management systems — Requirements." This is a comprehensive international standard and one that should be of special interest to customers from an information security perspective. SAS 70, a third party opinion on how well our controls are functioning, is often thought of as showing "depth" of security and controls because there's a thorough investigation and testing of each defined control. ISO 27001, on the other hand, shows a lot of "breadth" because it covers a comprehensive range of well recognized information security objectives. Together, SAS 70 and ISO 27001 should give you a lot of confidence in the strength and maturity of our operating practices and procedures over information security.
We receive requests for many different types of reports and certifications and we are doing our best to prioritize and to respond to as many of them as possible. Please let me know (comments are fine) which certifications would let you make even better use of AWS.
Relevant AWS jobs include: