The scope of the ISO/IEC 27001:2022 certification is limited to the Information Security Management System (ISMS) covering the documented policies, procedures, and controls managed by the MongoDB Cloud Services globally distributed workforce,​ in accordance with the Statement of Applicability, v7.2, dated April 1, 2024, and aligned to the control sets in ISO/IEC27017:2015 and ISO/IEC 27018:2019.

The ISMS preserves the confidentiality, integrity, and availability of the end-to-end​ Customer Sensitive Information (CSI) flows, as these relate to the MongoDB Cloud Services, which is hosted in AWS, GCP​, and Azure, and comprises MongoDB Atlas, MongoDB Atlas App Services-Realm, MongoDB Atlas Data Federation, MongoDB​ Charts, MongoDB Cloud Manager, and MongoDB Atlas Serverless Database.

The departmental scope includes Cloud​ Engineering, Technology Operations, Technical Services Support, Data Lake Engineering, Charts Engineering, Professional Services, Product, HR, Legal, Procurement, and the CISO (Security and GRC) organizations.

The MongoDB ISMS is centrally managed out of the MongoDB Inc. headquarters in New York, United States of America.

The MongoDB Atlas cloud service offering is hosted on multiple third-party Infrastructure-as-a-Service (IaaS) environments, which are not included in the scope of this ISMS.

MongoDB Atlas is hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, which have each achieved ISO/IEC 27001:2022 certification. More information about the ISO/IEC 27001:2022 compliance for these providers is available at their respective websites:

• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Microsoft Azure

IISO 27017 and ISO 27018 are incorporated into MongoDB's ISO 27001 certification. More information:

• MongoDB ISO 27017 Certification
• MongoDB ISO 27018 Certification