ISO/IEC 27001:2013 is a globally recognized standard mandating numerous controls for the establishment, maintenance, and certification of an information security management system (ISMS). It is part of the ISO/IEC 27000 family of information security standards. The last version of the ISO/IEC 27001 standard was published in 2013, with a few minor updates since then.
Yes, MongoDB Cloud has achieved ISO/IEC 27001:2013 certification. This includes MongoDB Atlas, MongoDB Realm, MongoDB Atlas Data Lake, and MongoDB Charts
The scope of the ISO/IEC 27001:2013 certification for MongoDB is limited to the Information Security Management System (ISMS) covering the documented policies, procedures and controls managed by the MongoDB Cloud globally distributed workforce, in accordance with the Statement of Applicability, version 2.0 dated April 20, 2020. The ISMS preserves the confidentiality, integrity and availability of the end to end Customer Sensitive Information (CSI) flows, as these relate to the MongoDB Cloud, which is hosted in AWS, GCP and Azure, and comprises MongoDB Atlas, MongoDB Realm, MongoDB Atlas Data Lake and MongoDB Charts.
The departmental scope includes Cloud Engineering, Technology Operations, Technical Services Support, Data Lake Engineering, Charts Engineering, Professional Services, Product, HR, Legal, Procurement and the CISO (Security and GRC) organizations.
The MongoDB ISMS is centrally managed out of the MongoDB Inc. headquarters in New York, United States of America.
The MongoDB Atlas cloud service offering is hosted on multiple third-party Infrastructure-as-a-Service (IaaS) environments, which are not included in the scope of this ISMS.
MongoDB Atlas is hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, which have each achieved ISO/IEC 27001:2013 certification. More information about the ISO/IEC 27001:2013 compliance for these providers is available at their respective websites:
The ISO/IEC 27001:2013 certificate for MongoDB is available here.
Schellman and Company, LLC.