Skip to main content

Elastic achieves ISO 27701 certification

Reinforcing commitment to data privacy and covering all deployment options

By
Oliver Mao
blog-iso-cert_(1).png

We are proud to announce a significant expansion of our compliance portfolio: Elastic has achieved the ISO/IEC 27701 certification for our Privacy Information Management System (PIMS).

This milestone is a testament to our commitment to data privacy, reinforcing the trust you place in us as the foundation for your mission-critical applications across search, security, and observability.

Why this matters: A new standard for data privacy

ISO 27701 is the international standard for privacy information management, serving as an extension to the globally recognized ISO 27001 (Information Security Management). Achieving this certification demonstrates that Elastic has implemented and maintained a robust and continually improving PIMS designed to protect the privacy rights of our customers and help you meet your organizational privacy obligations.

This certification covers how Elastic manages personal data in its role as a processor of customer data, affirming that our practices are aligned with the highest standards for data privacy and security.

Comprehensive scope: Covering Elastic everywhere

Our commitment to customer flexibility and trust means that compliance cannot be limited to a single deployment option. No matter how you choose to use Elastic — whether self-managed or one of our cloud offerings — we are proud to confirm that the scope of our ISO 27701 certification is comprehensive, covering all core Elastic product deployment options:

  • Elastic Cloud Hosted: Our certification spans all cloud service providers, including AWS, Google Cloud, and Azure.

  • Elastic Serverless: Our certification includes all project types — Search, Security, and Observability.
  • Elastic self-managed options — Elastic Cloud Enterprise (ECE) and Elastic Cloud on Kubernetes (ECK): Our certified controls apply to the development and maintenance of the software used in our self-managed ECE and ECK deployment options.

How this supports your data privacy obligations

For our customers, the ISO 27701 certification offers several benefits:

  • Simplified compliance: As you evaluate vendor risk, our certification reduces the due diligence required on your part. It provides third-party assurance that Elastic is maintaining a comprehensive PIMS for the data you ingest, streamlining your vendor assessment and onboarding processes.

  • Global trust: The ISO standard is globally recognized, providing a foundational certification that supports your compliance efforts across diverse international regulations.
  • Ongoing commitment: This achievement emphasizes the continuous improvement principles foundational to ISO and our continuous investment in comprehensive security and privacy practices, ensuring that your data is protected by industry-leading standards.

Learn more

This achievement is our demonstration to our customers that our innovation in technology is matched by our dedication to security and privacy. We will continue to maintain and expand our compliance portfolio and security certifications to ensure that Elastic remains the most trusted search, security, and observability platform for your data.

To access our official ISO 27701 certificate and learn more about our commitment to security and privacy, please visit the Elastic Trust Center.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

Sign up for Elastic Cloud free trial

Spin up a fully loaded deployment on the cloud provider you choose. As the company behind Elasticsearch, we bring our features and support to your Elastic clusters in the cloud.

Start free trial