
Apple internet services security certifications
Apple maintains certifications in compliance with the ISO/IEC 27001 and ISO/IEC 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Security and Privacy practices for in-scope systems.
ISO/IEC 27001 and ISO/IEC 27018 are part of a family of Information Security Management System (ISMS) standards published by the International Organization for Standardization (ISO). As part of Apple’s ISMS, all Annex A control requirements have been included in the Statement of Applicability as defined within the ISO/IEC 27001 and ISO/IEC 27018 standards. Apple undergoes an independent attestation by an accredited registrar on an annual basis.
ISO/IEC 27001
ISO/IEC 27001 is an Information Security Management System standard specifying requirements for establishing, implementing, maintaining, and continuously improving an organization’s Information Security Management System. The ISO/IEC 27001 standard includes the following security domains covered by Apple’s ISO/IEC certifications:
- Information security policies 
- Organization of information security 
- Asset management 
- Human resources security 
- Physical and environmental security 
- Communications and operations management 
- Access control 
- Information systems acquisition, development, and maintenance 
- Information security incident management 
- Business continuity management 
- Compliance 
ISO/IEC 27018
ISO/IEC 27018 is a code of practice for the protection of personally identifiable information (PII) in public cloud environments. The ISO/IEC 27018 standard includes the following security domains covered by Apple’s ISO/IEC certifications:
- Consent and choice 
- Purpose legitimacy and specification 
- Collection limitation 
- Data minimization 
- Use, retention, and disclosure limitation 
- Accuracy and quality 
- Openness, transparency, and notice 
- Individual participation and access 
- Accountability 
- Information security 
- Privacy compliance 
Apple services covered by ISO/IEC 27001 and ISO/IEC 27018
Apple’s ISO/IEC 27001 and ISO/IEC 27018 certifications cover the following services:
- Apple accessory services 
- Apple Business Essentials 
- Apple Business Manager 
- Apple Messages for Business 
- Apple Push Notification service (APNs) 
- Apple School Manager 
- Claris Connect 
- Digital Car Key Services 
- FaceTime 
- FileMaker Cloud 
- iCloud 
- iMessage 
- iWork services 
- Managed Apple Accounts 
- Schoolwork 
- Siri 
Certifications
Evidence of Apple’s ISO/IEC 27001 and 27018 certifications is publicly available. To view Apple’s certifications, go to the Certificate Directory on Coalfire’s website, enter Apple in the registrant name box, then select “view certificate.”
Note: Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.