All organizations face increasingly complex data protection and security requirements. Esri has taken a significant step forward in supporting its users’ data security needs by achieving the ISO 27001:2022 certification.
Customers using ArcGIS Online and ArcGIS Location Platform products hosted in the European Union and other regional data centers have long requested more stringent alignment with local data standards. Now, this Esri technology meets those requirements.
What ISO 27001 Means for ArcGIS Users
ISO 27001 is recognized globally across more than 170 countries as a premier standard for information security management systems. Unlike industry-specific certifications, ISO 27001 provides a comprehensive framework for protecting organizational data through systematic risk management and continuous improvement.
For Esri customers, here’s what the certification offers:
- Independent validation of security controls protecting geospatial data
- Compliance support for organizations subject to European Union data protection regulations
- Risk management assurance through internationally recognized standards
- Ongoing security commitment verified through annual surveillance audits
Building on FedRAMP Foundations
Esri’s existing Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization for ArcGIS Online in the United States—which took effect in 2024 with no disruption to users—put the company on an accelerated path to ISO 27001 certification. Both security frameworks share principles on risk management, access control, and continuous monitoring, allowing Esri to leverage its robust security infrastructure to meet international standards.
The certification process involved a comprehensive independent assessment of Esri’s Information Security Management System that evaluated technological, organizational, and people-based procedures. Maintaining the certification requires annual surveillance audits to ensure that Esri continues to meet evolving security requirements.
A Seamless Transition for Existing Customers
All Esri users automatically benefit from the technology’s certified security controls, with no action required on their part.
Organizations that are considering implementing ArcGIS cloud services can now reference the ISO 27001 certification when evaluating security requirements and demonstrating compliance to stakeholders.
For more information about Esri’s commitments to security, privacy, and transparency, visit the ArcGIS Trust Center.