© Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V., headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, the Netherlands. All rights reserved.



Certificate

Certificate number: 2013-009

Certified by EY CertifyPoint since: November 18, 2010

Based on certification examination in conformity with defined requirements in ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015, the Information Security Management System as defined and implemented by

Amazon Web Services, Inc.*

located in Seattle, Washington, United States of America, is compliant with the requirements as stated in the standard:

ISO/IEC 27001:2013

Issue date of certificate: December 11, 2011

Re-issue date of certificate: December 15, 2017

Expiration date of certificate: November 7, 2019

EY CertifyPoint will, according to the certification agreement dated November 9, 2016, perform surveillance audits and acknowledge the certificate until the expiration date noted above.

*The certification is applicable for the assets, services and locations as described in the scoping section on the back of this certificate, with regard to the specific requirements for information security as stated in the Statement of Applicability, version 2017.01, dated November 20, 2017.

Drs. J. Sehgal RE | Director, EY CertifyPoint

Amazon Web Services, Inc.

Scope for certificate 2013-009

This scope (edition: December 15, 2017) is only valid in connection with certificate 2013-009.


The scope of this ISO 27001:2013 Certification is bounded by specified services of Amazon Web Services, Inc. and specified facilities. The ISMS is centrally managed out of Amazon Web Services, Inc. headquarters in Seattle, Washington, United States of America.

The in-scope applications, systems, people, and processes are globally implemented and operated by teams out of an explicit set of facilities that comprise Amazon Web Services, Inc. and are specifically defined in the scope and bounds.


The Amazon Web Services, Inc. ISMS scope includes the following services:


• Amazon API Gateway

• Amazon Aurora

• Amazon Cloud Directory

• Amazon CloudFront

• Amazon CloudWatch Logs

• Amazon Cognito

• Amazon Connect

• Amazon DynamoDB

• Amazon Elastic Block Store (EBS)

• Amazon Elastic Compute Cloud (EC2)

• Amazon Elastic Container Registry

• Amazon Elastic Container Service (ECS)

• Amazon Elastic File System (EFS)

• Amazon Elastic MapReduce (EMR)

• Amazon ElastiCache

• Amazon Glacier

• Amazon Inspector

• Amazon Kinesis Data Streams

• Amazon Macie

• Amazon QuickSight

• Amazon RDS for MariaDB, MySQL, Oracle, Postgres, SQL Server

• Amazon Redshift

• Amazon Route53

• Amazon S3 Transfer Acceleration

• Amazon SageMaker

• Amazon Simple Email Service (SES)

• Amazon Simple Notification Services (SNS)

• Amazon Simple Queue Service (SQS)

• Amazon Simple Storage Service (S3)

• Amazon Simple Workflow Service (SWF)

• Amazon SimpleDB

• Amazon Virtual Private Cloud (VPC)

• Amazon WorkDocs

• Amazon WorkMail

• Amazon WorkSpaces

• Auto Scaling

• AWS Batch

• AWS CloudFormation

• AWS CloudHSM

• AWS CloudTrail

• AWS CodeBuild

• AWS CodeCommit

• AWS CodeDeploy


• AWS CodePipeline

• AWS Config

• AWS Database Migration Service (DMS)

• AWS Direct Connect

• AWS Directory Service for Microsoft Active Directory

• AWS Elastic Beanstalk

• AWS Identity and Access Management (IAM)

• AWS IoT Core

• AWS Key Management Service (KMS)

• AWS Lambda

• AWS Lambda@Edge

• AWS Managed Services

• AWS OpsWorks Stacks

• AWS Shield

• AWS Snowball Edge

• AWS Snowball

• AWS Snowmobile

• AWS Step Functions

• AWS Storage Gateway

• AWS Systems Manager (Amazon EC2 Systems Manager)

• AWS Web Application Firewall (WAF)

• AWS X-Ray

• Elastic Load Balancing

• VM Import/Export



Locations in scope:


AWS data centers, which house the hardware supporting the AWS Services listed above. AWS Data centers are located in US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Montréal), EU (London), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (São Paulo) Regions, as well as the following AWS Edge Locations in:


• Melbourne, Australia

• Sydney, Australia

• Vienna, Austria

• Rio de Janeiro, Brazil

• São Paulo, Brazil

• Montréal, Canada

• Toronto, Canada

• Prague, Czech Republic

• Hong Kong, China

• London, England

• Marseille, France

• Paris, France

• Berlin, Germany

• Frankfurt, Germany

• Munich, Germany

• Chennai, India

• Mumbai, India

• New Delhi, India

• Dublin, Ireland

• Milan, Italy

• Osaka, Japan

• Tokyo, Japan

• Seoul, Korea

• Kuala Lumpur, Malaysia

• Amsterdam, Netherlands

• Manila, Philippines

• Warsaw, Poland

• Singapore

• Madrid, Spain

• Stockholm, Sweden

• Taipei, Taiwan

• California, United States

• Florida, United States

• Georgia, United States

• Illinois, United States

• Indiana, United States

• Minnesota, United States

• Missouri, United States

• Nevada, United States

• New Jersey, United States

• New York, United States

• Ohio, United States

• Oregon, United States

• Pennsylvania, United States

• Texas, United States

• Virginia, United States

• Washington, United States


The Information Security Management System mentioned in the above scope is restricted as defined in the “ISMS Manual” version 2017.2, signed on November 3, 2017 by the Vice President of AWS Security.