Apple Internet Services Certifications

Learn about the certifications that Apple Inc. maintains in compliance with the ISO 27001 and 27018 standards.

Apple Inc. maintains certifications in compliance with the ISO 27001 and 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Security and Privacy practices for in-scope systems.

ISO 27001 and 27018 are part of a family of global Information Security Management System (ISMS) standards published by the International Organization for Standardization (ISO). As part of Apple's ISMS, all Annex A control requirements have been included in the Statement of Applicability as defined within the ISO 27001 & 27018 standards. Apple undergoes an independent attestation by an accredited registrar on an annual basis.

ISO 27001

ISO 27001 is an Information Security Management System standard specifying requirements for establishing, implementing, maintaining, and continuously improving an organization’s Information Security Management System.

The ISO 27001 standard includes the following security domains covered by Apple's ISO certifications: 

  • Information security policies
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development, and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

ISO 27018

ISO 27018 is a code of practice for the protection of personally identifiable information (PII) in public cloud environments.

The ISO 27018 standard includes the following security domains covered by Apple's ISO certifications:

  • Consent and choice
  • Purpose legitimacy and specification
  • Collection limitation
  • Data minimization
  • Use, retention, and disclosure limitation
  • Accuracy and quality
  • Openness, transparency, and notice
  • Individual participation and access
  • Accountability
  • Information security
  • Privacy compliance

Apple services covered by ISO 27001 and 27018

Apple's ISO 27001 and 27018 certifications cover the following services.

Apple Education Services

  • Apple School Manager
  • iTunes U
  • Schoolwork

Apple Enterprise Services

  • Apple Business Manager

Apple Services

  • Apple Business Chat
  • Apple Push Notification Service
  • FaceTime
  • iCloud
  • iMessage
  • Managed Apple IDs
  • Siri


Evidence of Apple's ISO 27001 and 27018 certifications are available at our registrar:

Operating system certifications

Learn more about product security, validations, and guidance for:

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: