Announcing Twilio's ISO/IEC 27017 and ISO/IEC 27018 Attestation

July 16, 2019

Today we at Twilio are pleased to announce our attestation to the ISO/IEC 27017 and ISO/IEC 27018 standards.

We’d like to take this opportunity to provide a little information about what that means and why we’re taking these steps now.

About ISO/IEC 27017 and ISO/IEC 27018 Attestation

ISO/IEC 27017 and ISO/IEC 27018 are internationally recognized codes of practice that provide guidance on controls to address cloud-specific information security threats and risks. They also establish codes of practice to protect personally identifiable information (PII).

  • ISO/IEC 27017 provides guidelines for information security controls that apply to the provision and use of cloud services
  • ISO/IEC 27018 establishes a code of practice for protecting PII in public clouds

As our security posture continues to mature, we want to assure you and all of our customers that our practices are aligned with industry-recognized best practices. Through ISO/IEC 27017 and ISO/IEC 27018 attestations, we hope to reaffirm our continued commitment to customer trust and security.

Because these are codes of practice and not management standards, ISO/IEC 27017 and ISO/IEC 27018 are not certifications. However, a certification body can issue a statement of compliance in the context of a broader ISO/IEC 27001 certification. Twilio chose Coalfire to validate both our ISO/IEC 27001 certification and our attestation to ISO/IEC 27017 and ISO/IEC 27018.

What Attestation means for you

Our compliance with these standards assures your protection in a number of ways:

  • Your data and environment are protected and separated from other customers’ data
  • Twilio is committed to continuing to align with globally recognized best practices
  • We will maintain a system of precise controls to ensure the integrity of our cloud services
  • Twilio will manage and control physical media to protect our customers’ data
  • Your data won’t be used for marketing and advertising purposes without consent
  • You know what’s happening with your PII
  • We will only comply with legally binding requests to disclose your customer data
  • Twilio will provide you the ability to manage your data: you can control your data and will know where it is stored

To learn more about ISO/IEC 27017 and ISO/IEC 27018, visit the ISO/IEC 27001 page at iso.org. To learn more about how Twilio protects your data, visit www.twilio.com/security.