The International Organization for Standardization (ISO) develops globally recognized standards that help organizations establish effective management practices. Esri demonstrates its commitment to information security and supply chain integrity through internationally recognized certifications and assessments, including:
- ISO 27001 — Defines how organizations manage and protect their information through a structured security system.
- ISO 20243 — Ensures products are developed and delivered securely by preventing counterfeit or tampered components across the supply chain.
Esri ISO Certifications
- ArcGIS ISO Cloud
- Supply Chain
- Corporate Services
Cloud Service Providers
- Amazon Web Services
- Microsoft Azure
ArcGIS ISO Cloud
ISO 27001 - In 2025, Esri's Information Security Management System (ISMS) was found to be in accordance with ISO 27001:2022 security controls. This includes ArcGIS Online and ArcGIS Location Platform hosted in the European Union (EU) region and physical security controls of US-based operations administration.
The ArcGIS ISO Cloud represents the subset of the Esri Certified Services that are explicitly included within the scope of Esri's certification. Additional services and regions, including Asia Pacific (APAC), will be covered in future assessments.
- ArcGIS ISO Cloud Certificate (Public)
- Esri Certified Services (Public)
- ISO 27001 to FedRAMP Control Mapping (Public)
It is important to note that Esri's ISO 27001 certification supports customer NIS2 Directive (EU) 2022/2555 due diligence by providing independent certification evidence, documented controls, and ongoing monitoring aligned to relevant Article 21 security measures.
Supply chain
ISO 20243 - Esri completed a self-assessment against ISO/IEC 20243-1:2018 (O-TTPS) for ArcGIS Online. This assessment informed improvements to Esri's secure supply chain practices, which are now aligned with NIST 800-53 Rev. 5 supply chain controls.
Corporate Services
ISO 27001 - In 2026, Esri obtained a separate ISO/IEC 27001:2022 certification covering additional supporting organizational operations managed by Esri's Information Systems Technology department for the following US-based corporate services: MyEsri, Esri Tech, CPDE, Ecommerce, and EMCS Advanced.
- Corporate ISO Certificate (Public)
Cloud Service Providers
The ArcGIS ISO Cloud leverages both Amazon Web Services (AWS) and Microsoft Azure, each of which maintain their own independent ISO certifications.
- Microsoft Azure ISO Certificates (Free/Protected)
- Amazon Web Services ISO 27001 Certificate (Public)