The International Organization for Standardization (ISO) is a global, non-governmental body of experts who provide guidelines for consistently achieving universally recognized standards for approaching process management. ISO standards are useful because they help an organization write and implement structured, organized, and appropriate processes.
- ISO/IEC 27001:2022—This international standard promotes a holistic approach to information security in regard to vetting people, policies, and technology.
- ISO/IEC 20243:2018—This standard addresses threats related to maliciously tainted and counterfeit products and services.
Esri in-scope Services
ArcGIS Online CSPs
ArcGIS Online's cloud service providers of Amazon Web Services and Microsoft Azure are ISO certified.
- Microsoft Azure ISO Certificates (Free/Protected)
- Amazon Web Services ISO 27001 Certificate (Public)
ArcGIS Online
Esri is currently working toward ISO 27001 certification for ArcGIS Online and ArcGIS Platform capabilities hosted in the European region, expected to be completed in 2025. ArcGIS Online U.S. operations already fall under the assurance of FedRAMP. FedRAMP Moderate offers stronger assurance than ISO 27001, encompassing more than 400 control requirements vs ISO 27001's 114 control requirements.
- ArcGIS Online ISO 27001:2022 Certification (In-Progress)
- ISO 27001 to FedRAMP Control Mapping (Public)
Esri completed a self-assessment for conformance with ISO/IEC 20243-1:2018 (O-TTPS) in April 2023. It is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and Commercial Off-The-Shelf Software (COTS) products throughout the product life cycle. The ISO 20243 standard was subsequently updated in 2023, and instead of recertifying against the new version, in 2024, Esri incorporated the new NIST 800-53 Rev 5 Supply Chain requirements that address cyber supply chain concerns more holistically.
- ArcGIS Online ISO 20243:2018 (Self-Attestation)