The International Organization for Standardization (ISO) is a global, non-governmental body of experts who provide guidelines for consistently achieving universally recognized standards for approaching process management. ISO standards are useful because they help an organization write and implement structured, organized, and appropriate processes.
- ISO/IEC 27001:2022—This international standard promotes a holistic approach to information security in regard to vetting people, policies, and technology.
- ISO/IEC 20243:2018—This standard addresses threats related to maliciously tainted and counterfeit products and services.
Esri in-scope Services
ArcGIS Online CSPs
ArcGIS Online's cloud service providers of Amazon Web Services and Microsoft Azure are ISO certified.
- Microsoft Azure ISO Certificates (Free/Protected)
- Amazon Web Services ISO 27001 Certificate (Public)
ArcGIS Online
Esri is currently working toward ISO 27001 certification for ArcGIS Online and ArcGIS Platform capabilities hosted in the European region, expected to be completed before 2025. ArcGIS Online U.S. operations already fall under the assurance of FedRAMP. FedRAMP Moderate offers stronger assurance than ISO 27001, encompassing more than 400 control requirements vs ISO 27001's 114 control requirements.
- ArcGIS Online ISO 27001:2022 Certification (In-Progress)
- ISO 27001 to FedRAMP Control Mapping (Public)
Esri completed a self-assessment for conformance with ISO/IEC 20243-1:2018 (O-TTPS) in April 2023. It is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and Commercial Off-The-Shelf Software (COTS) products throughout the product life cycle. A new version of the certification standard is being worked on by ISO, however new FedRAMP supply chain requirements address cyber supply chain concerns more holistically, which will be in place for ArcGIS Online in 2024.
- ArcGIS Online ISO 20243:2018 (Self-Attestation)