MongoDB's ISO/IEC 27001:2013 certification is a result of an independent third party audit, which examines the development and implementation of an information security management system (ISMS) to achieve continuous management of security in a comprehensive manner.
What is ISO/IEC 27001:2013?
ISO/IEC 27001:2013 is a globally recognized standard mandating numerous controls for the establishment, maintenance, and certification of an information security management system (ISMS). It is part of the ISO/IEC 27000 family of information security standards. The last version of the ISO/IEC 27001 standard was published in 2013, with a few minor updates since then.
Is MongoDB Atlas ISO/IEC 27001:2013 certified?
Yes, MongoDB Atlas has achieved ISO/IEC 27001:2013 certification.
What is the scope of ISO/IEC 27001:2013 certificate for MongoDB?
The scope of the ISO/IEC 27001:2013 certification for MongoDB is limited to the information security management system (ISMS) supporting all activities performed by MongoDB in operating and supporting the MongoDB Atlas cloud service, and includes all of the relevant internal business processes, people and technology that comprise the MongoDB Atlas service and in accordance with the statement of applicability dated May 1, 2019.
The MongoDB ISMS is centrally managed out of the MongoDB Inc. headquarters in New York, United States of America. The MongoDB Atlas cloud service offering is hosted on multiple third-party Infrastructure-as-a-Service (IaaS) environments, which are not included in the scope of this ISMS.
Do MongoDB Atlas hosting providers have ISO/IEC 27001:2013 certification?
MongoDB Atlas is hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, which have each achieved ISO/IEC 27001:2013 certification. More information about the ISO/IEC 27001:2013 compliance for these providers is available at their respective websites:
Where can I download the ISO/IEC 27001:2013 certificate for MongoDB?
The ISO/IEC 27001:2013 certificate for MongoDB is available here.
Who performs the independent third-party audit of MongoDB for ISO/IEC 27001:2013?
Schellman and Company, LLC.
This page is for informational purposes only, and MongoDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MongoDB's services as appropriate to support its legal and compliance obligations.