Apple Inc. maintains certifications in compliance with the ISO 27001 and 27018 standards to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple’s Information Security and Privacy practices for in-scope systems.
ISO 27001 and 27018 are part of a family of global Information Security Management System (ISMS) standards published by the International Organization for Standardization (ISO). As part of Apple's ISMS, all Annex A control requirements have been included in the Statement of Applicability as defined within the ISO 27001 and 27018 standards. Apple undergoes an independent attestation by an accredited registrar on an annual basis.
ISO 27001 is an Information Security Management System standard specifying requirements for establishing, implementing, maintaining, and continuously improving an organization’s Information Security Management System.
The ISO 27001 standard includes the following security domains covered by Apple's ISO certifications:
- Information security policies
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development, and maintenance
- Information security incident management
- Business continuity management
ISO 27018 is a code of practice for the protection of personally identifiable information (PII) in public cloud environments.
The ISO 27018 standard includes the following security domains covered by Apple's ISO certifications:
- Consent and choice
- Purpose legitimacy and specification
- Collection limitation
- Data minimization
- Use, retention, and disclosure limitation
- Accuracy and quality
- Openness, transparency, and notice
- Individual participation and access
- Information security
- Privacy compliance
Apple services covered by ISO 27001 and 27018
Apple's ISO 27001 and 27018 certifications cover the following services.
Apple Education Services
- Apple School Manager
- iTunes U
Apple Enterprise Services
- Apple Business Manager
- Apple Business Chat
- Apple Push Notification Service
- Managed Apple IDs