Skip to main content

Amazon Web Services: Contracts

Question for Home Office

UIN 75296, tabled on 16 July 2020

To ask the Secretary of State for the Home Department, what assessment her Department made of the effect on security of the four-year contract awarded to Amazon Web Services in December 2019.

Answered on

21 July 2020

The four-year contract awarded to Amazon Web Services in December 2019 is based on the Crown Commercial Service G-Cloud 11 Framework Agreement (RM1557.11) call-off terms and conditions, together with the supplier’s terms and conditions applicable to the ordered services.

The Home Office has now published a redacted version of the contract available on contracts finder and it can be found here:

The contract utilises standard Crown Commercial Service G-Cloud Terms and Conditions on Security which can be found in Part B – Terms and Conditions, Section 16. These terms can be found either in the published contract or via the CCS website -

Officials are unable to define what is meant by ‘the effects on security’. However, security is assessed through internal Home Office governance on individual services and products provided by the supplier as and when they are utilised by the Home Office, not on the AWS platform as a whole.

AWS also have the appropriate accreditations for the services they provide to Home Office and a full list has been provided to us as a buyer under a non-disclosure agreement. A list of publicly available compliances resources, including security compliance, is proved by Amazon Web Services online.

I can confirm that these documents provided highlight how Amazon Web Services complies with the following accreditations, amongst others:

  • UK Cyber Essentials & Cyber Essentials+
  • ISO27001
  • ISO27017
  • ISO27018

Answered by

Home Office
Named day
Named day questions only occur in the House of Commons. The MP tabling the question specifies the date on which they should receive an answer. MPs may not table more than five named day questions on a single day.