Skip To Content

ISO

The International Organization for Standardization (ISO) develops globally recognized standards that help organizations establish effective management practices. Esri demonstrates its commitment to information security and supply chain integrity through internationally recognized certifications and assessments, including:

  • ISO 27001 — Defines how organizations manage and protect their information through a structured security system.
  • ISO 20243 — Ensures products are developed and delivered securely by preventing counterfeit or tampered components across the supply chain.

Esri ISO Certifications

  • ArcGIS ISO Cloud
  • Supply Chain
  • Corporate Services

Cloud Service Providers

  • Amazon Web Services
  • Microsoft Azure

ArcGIS ISO Cloud

ISO 27001 - In 2025, Esri's Information Security Management System (ISMS) was found to be in accordance with ISO 27001:2022 security controls. This includes ArcGIS Online and ArcGIS Location Platform hosted in the European Union (EU) region and physical security controls of US-based operations administration.

The ArcGIS ISO Cloud represents the subset of the Esri Certified Services that are explicitly included within the scope of Esri's certification. Additional services and regions, including Asia Pacific (APAC), will be covered in future assessments.

It is important to note that Esri's ISO 27001 certification supports customer NIS2 Directive (EU) 2022/2555 due diligence by providing independent certification evidence, documented controls, and ongoing monitoring aligned to relevant Article 21 security measures.

Supply chain

ISO 20243 - Esri completed a self-assessment against ISO/IEC 20243-1:2018 (O-TTPS) for ArcGIS Online. This assessment informed improvements to Esri's secure supply chain practices, which are now aligned with NIST 800-53 Rev. 5 supply chain controls.

Corporate Services

ISO 27001 - In 2026, Esri obtained a separate ISO/IEC 27001:2022 certification covering additional supporting organizational operations managed by Esri's Information Systems Technology department for the following US-based corporate services: MyEsri, Esri Tech, CPDE, Ecommerce, and EMCS Advanced.

Cloud Service Providers

The ArcGIS ISO Cloud leverages both Amazon Web Services (AWS) and Microsoft Azure, each of which maintain their own independent ISO certifications.