As part of our information security management system (ISMS), Twilio is certified under ISO/IEC 27001, a management system that provides specific requirements and practices intended to bring information security under management control. In addition, we have attestations to ISO/IEC 27017 and ISO/IEC 27018, internationally recognized codes of practice that provide guidance on controls to address cloud-specific information security threats and risks as well as for the protection of personally identifiable information (PII). Our compliance with these standards assures your protection in many ways:
Your data and environment are protected and separated from other customers
Twilio is committed to alignment with globally recognized best practices and maintains a system of precise controls to ensure the integrity of its cloud services
Physical media are managed and controlled to protect Twilio customers' data
Your data won't be used for marketing/advertising without consent
You know what's happening with your PII
We comply only with legally binding requests for disclosure of customer data
Twilio provides customers the ability to manage their data; you control your data and know where it is stored
ISMS Scope
All publicly available Twilio services and features are in scope.