Security certifications for Apple internet services
Apple maintains certifications in compliance with the ISO/IEC 27001 and ISO/IEC 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Security and Privacy practices for in-scope systems.
ISO/IEC 27001 and ISO/IEC 27018 are part of a family of Information Security Management System (ISMS) standards published by the International Organization for Standardization (ISO). As part of Apple’s ISMS, all Annex A control requirements have been included in the Statement of Applicability as defined within the ISO/IEC 27001and ISO/IEC 27018 standards. Apple undergoes an independent attestation by an accredited registrar on an annual basis.
ISO/IEC 27001 is an Information Security Management System standard specifying requirements for establishing, implementing, maintaining, and continuously improving an organization’s Information Security Management System.
The ISO/IEC 27001 standard includes the following security domains covered by Apple's ISO/IEC certifications:
Information security policies
Organization of information security
Human resources security
Physical and environmental security
Communications and operations management
Information systems acquisition, development, and maintenance
Information security incident management
Business continuity management
ISO/IEC 27018 is a code of practice for the protection of personally identifiable information (PII) in public cloud environments. The ISO/IEC 27018 standard includes the following security domains covered by Apple’s ISO/IEC certifications:
Consent and choice
Purpose legitimacy and specification
Use, retention, and disclosure limitation
Accuracy and quality
Openness, transparency, and notice
Individual participation and access
Apple services covered by ISO/IEC 27001 and ISO/IEC 27018
Apple’s ISO/IEC 27001 and ISO/IEC 27018 certifications cover the following services:
Evidence of Apple’s ISO/IEC 27001 and 27018 certifications are available at our registrar:
Note: Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
For questions about Apple Security and Privacy Certifications, contact firstname.lastname@example.org.