Back to Trust Center


ISO/IEC 27017:2015

ISO/IEC 27017:2015 provides guidance and recommendations of implementing cloud-specific information security controls that supplement the ISO/IEC 27001 standards, to ensure continuous management of security in a comprehensive manner.

MongoDB's cloud services are ISO/IEC 27017:2015 certified, the result of an independent third party audit.

What is ISO/IEC 27017:2015?

ISO/IEC 27017:2015 certification demonstrates cloud service security to users. It’s a security standard developed for a cloud-based environment to reduce risks of security problems. It is part of the ISO/IEC 27000 family of standards, standards which provides best practice recommendations on information security management. This standard was built from ISO/IEC 27002, suggesting additional security controls for the cloud which were not completely defined in ISO/IEC 27002.

Are MongoDB's cloud services ISO/IEC 27017:2015 certified?

Yes, MongoDB’s cloud services have achieved ISO/IEC 27017:2015 certification. This includes MongoDB Atlas – Atlas Database, Atlas Search, Atlas Data Lake, and Charts – and MongoDB Realm.

What is the scope of ISO/IEC 27017:2015 certification for MongoDB?

The scope of the ISO/IEC 27001:2013 certification is limited to the Information Security Management System (ISMS) covering the documented policies, procedures and controls managed by the MongoDB Cloud globally distributed workforce, in accordance with the Statement of Applicability, version 3.0, and aligned to the control sets in ISO/IEC 27017:2015 and ISO/IEC 27018:2019. The ISMS preserves the confidentiality, integrity and availability of the end to end Customer Sensitive Information (CSI) flows, as these relate to the MongoDB Cloud Platform, which is hosted in AWS, GCP and Azure, and comprises MongoDB Atlas, MongoDB Realm, MongoDB Atlas Data Lake and MongoDB Charts. Any products or features that are in beta, preview, or similar are not in scope.

The MongoDB ISMS is centrally managed out of the MongoDB Inc. headquarters in New York, United States of America.

The departmental scope includes Cloud Engineering, Technology Operations, Technical Services Support, Data Lake Engineering, Charts Engineering, Professional Services, Product, HR, Legal, Procurement and the CISO (Security and GRC) organizations.

MongoDB's cloud services is hosted on multiple third-party Infrastructure-as-a-Service (IaaS) environments, which are not included in the scope of this ISMS.

Do MongoDB Atlas hosting providers have ISO/IEC 27017:2015 certification?

MongoDB Atlas is hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, which have each achieved ISO/IEC 27017:2015 certification. More information about the ISO/IEC 27017:2015 compliance for these providers is available at their respective websites:

What is the difference between ISO/IEC 27017:2015 and 27018:2019 certification?

ISO 27017 certification demonstrates cloud service security to users, while ISO 27018 certification ensures that personal data is processed securely.

Where can I download the ISO/IEC 27017:2015 certificate for MongoDB?

The ISO/IEC 27001:2013 certificate for MongoDB is available here.

Who performs the independent third-party audit of MongoDB for ISO/IEC 27017:2015?

Schellman and Company, LLC.

This page is for informational purposes only, and MongoDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MongoDB's services as appropriate to support its legal and compliance obligations.

Ready to get started?

Launch a new app or migrate to MongoDB Atlas with zero downtime
Start with 512MB FreeContact