Tag Archives: AWS SOC 3

Spring 2020 SOC reports now available with 122 services in scope

Post Syndicated from Ashutosh Sawant original https://aws.amazon.com/blogs/security/spring-2020-soc-reports-now-available-122-services-in-scope/

At AWS, our customers’ security is of the highest importance and we continue to provide transparency into our security posture.

We’re proud to deliver the System and Organizational Controls (SOC) 1, 2, and 3 reports to our AWS customers. The SOC program continues to enable our global customer base to maintain confidence in our secured control environments with a focus on information security, confidentiality, and availability. For the spring 2020 SOC reports, covering the period 10/1/2019 to 03/31/2020, we are excited to announce six new services in scope, for a total of 122 services in scope. Additionally, we have updated how the scope of AWS locations is represented in our SOC reports, to provide better clarity to our customers.

These SOC reports are now available through AWS Artifact in the AWS Management Console. The SOC 3 report can also be downloaded online as a PDF.

Here are the 6 new services in scope (followed by their SDK names):

  • Amazon Chime (chime)
  • AWS Data Exchange (dataexchange)
  • AWS Elemental MediaLive (medialive)
  • AWS Elemental MediaConvert (mediaconvert)
  • AWS Personal Health Dashboard (health)
  • Amazon Textract (textract)

As always, AWS strives to bring services into the scope of its compliance programs to help you meet your architectural and regulatory needs. Please reach out to your AWS representatives to let us know what additional services you would like to see in scope across any of our compliance programs.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Ashutosh Sawant

Ashutosh is a Security Assurance Manager at Amazon Web Services. He leads multiple security and privacy initiatives within AWS. Prior to joining AWS, Ashutosh spent over 7 years at Ernst & Young as a Manager in the Risk Advisory Practice. Ashutosh holds a Master’s degree in Information Systems from Northeastern University, Boston and a Bachelor’s degree in Information Technology from Gujarat University, India.

Fall 2019 SOC reports now available with 116 services in scope

Post Syndicated from Oliver Bell original https://aws.amazon.com/blogs/security/fall-2019-soc-reports-now-available-with-116-services-in-scope/

We’re excited to announce the addition of 12 new services in scope under our latest System and Organizational Controls (SOC) audit cycle, for a total of 116 services in scope. In addition to the new services, AWS has also expanded the list of controls covered within the reports to include more controls over employee screening procedures and new Region risk assessments.

These SOC reports are now available in the AWS Management Console. The SOC 3 report can also be downloaded online as a PDF.

Here are the 12 new services in scope (followed by their SDK names):

As always, my team strives to bring services into the scope of our compliance programs based on your architectural and regulatory needs. Please reach out to your AWS representatives to let us know what additional services you would like to see in scope across any of our compliance programs.

Spring 2019 SOC reports now available with 104 services in scope

Post Syndicated from Chris Gile original https://aws.amazon.com/blogs/security/spring-2019-soc-reports-now-available-with-104-services-in-scope/

We’re celebrating the addition of 31 new services in scope with our latest SOC report, pushing AWS past the century mark for the first time – with 104 total services in scope, to be exact! These services are now available under our System and Organizational Controls (SOC) 1, 2, and 3 audits, including the 31 new services added during this most recent audit cycle. These SOC reports are now available to you on demand in the AWS Management Console. The SOC 3 report can also be downloaded online as a PDF.

The SOC 2 report has been updated to align with the new Association of International Certified Professional Accountants (AICPA) Trust Service Criteria. The new Trust Service Criteria align with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 framework and are designed to provide flexibility that better addresses cybersecurity risks. The new Trust Service Criteria provide customers with more information on how AWS mitigates cybersecurity risks. Updates related to the new Trust Service Criteria are as follows:

  • Restructuring and realignment of the Trust Service Criteria with the COSO 2013 Framework.
  • Restructuring and addition of supplemental criteria to better address cybersecurity risks.
  • Inclusion of the 17 COSO principles within the SOC 2 common criteria.
  • Additional points of focus added to all criteria, such as requirements to add additional description around service commitments and system requirements.

Here are the 31 services newly added to our SOC scope:

As always, my team strives to bring services into the scope of our compliance programs based on your architectural and regulatory needs. Please reach out to your AWS representatives to let us know what additional services you would like to see in scope across any of our compliance programs.
