Is AWS 27001 sufficient to show security?

To understand if the ISO 27001 certification of your provider is enough for your business, you need to take a look at the legal requirements (e.g., laws, regulations, and contracts) your business must fulfill, and business objectives that must be achieved.

For example, some clients may require through contractual clauses that your business is ISO 27001 certified, and in this case, the provider certification is not enough.

This article will provide you a further explanation about requirements identification:

• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

These materials will also help you regarding ISO 27001:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

I am not sure if our question was answered in your link, it’s made it even more confusing by not being direct

First of all, sorry for this confusion.

The certification of your provider will be enough to show security if you do not have any customer or regulatory body demanding something different.

For example, your customer might require that your cloud provider is ISO 27001 certified, and in such case, you do not have to do anything more; however, your customer might require your company to be ISO 27001 certified, in which case you need to implement the whole standard even though your cloud provider is already certified.

With the AWS ISO 27001 certification, AWS complies with a broad, comprehensive security standard and follows best practices in maintaining a secure environment. ... AWS reports, certifications and third party attestations are discussed in more detail later in this document.