Tag Archives: AWS SOC Reports

Fall 2019 SOC 2 Type I Privacy report now available

Post Syndicated from Hadis Ali original https://aws.amazon.com/blogs/security/fall-2019-soc-2-type-i-privacy-report-now-available/

We understand that the protection of personal data that is uploaded to AWS is critical for many of our customers, and the SOC 2 Type I Privacy report provides the information you need to understand how your content is protected at AWS.

The Fall 2019 SOC 2 Type I Privacy report provides you with a third-party attestation of our systems and the suitability of the design of our privacy controls. The scope of the privacy report includes information about how we handle the content that you upload to AWS and how it is protected in all of the services and locations that are in scope for the latest AWS SOC reports. You can download the latest SOC 2 Type I Privacy report through AWS Artifact in the AWS Management Console.

As always, we value your feedback and questions. Please feel free to reach out to the team through the Contact Us page.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Hadis Ali

Hadis is a Security & Privacy Manager at Amazon Web Services. He leads multiple security and privacy initiatives within AWS Security Assurance. Hadis holds Bachelor’s degrees in Accounting and Information Systems from the University of Washington.

Fall 2019 SOC reports now available with 116 services in scope

Post Syndicated from Oliver Bell original https://aws.amazon.com/blogs/security/fall-2019-soc-reports-now-available-with-116-services-in-scope/

We’re excited to announce the addition of 12 new services in scope under our latest System and Organizational Controls (SOC) audit cycle, for a total of 116 services in scope. In addition to the new services, AWS has also expanded the list of controls covered within the reports to include more controls over employee screening procedures and new Region risk assessments.

These SOC reports are now available in the AWS Management Console. The SOC 3 report can also be downloaded online as a PDF.

Here are the 12 new services in scope (followed by their SDK names):

As always, my team strives to bring services into the scope of our compliance programs based on your architectural and regulatory needs. Please reach out to your AWS representatives to let us know what additional services you would like to see in scope across any of our compliance programs.


Spring 2019 SOC reports now available with 104 services in scope

Post Syndicated from Chris Gile original https://aws.amazon.com/blogs/security/spring-2019-soc-reports-now-available-with-104-services-in-scope/

We’re celebrating the addition of 31 new services in scope with our latest SOC report, pushing AWS past the century mark for the first time – with 104 total services in scope, to be exact! These services are now available under our System and Organizational Controls (SOC) 1, 2, and 3 audits, including the 31 new services added during this most recent audit cycle. These SOC reports are now available to you on demand in the AWS Management Console. The SOC 3 report can also be downloaded online as a PDF.

The SOC 2 report has been updated to align with the new Association of International Certified Professional Accountants (AICPA) Trust Service Criteria. The new Trust Service Criteria align with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 framework and are designed to provide flexibility that better addresses cybersecurity risks. The new Trust Service Criteria provide customers with more information on how AWS mitigates cybersecurity risks. Updates related to the new Trust Service Criteria are as follows:

  • Restructuring and realignment of the Trust Service Criteria with the COSO 2013 Framework.
  • Restructuring and addition of supplemental criteria to better address cybersecurity risks.
  • Inclusion of the 17 COSO principles within the SOC 2 common criteria.
  • Additional points of focus added to all criteria, such as requirements to add additional description around service commitments and system requirements.

Here are the 31 services newly added to our SOC scope:

As always, my team strives to bring services into the scope of our compliance programs based on your architectural and regulatory needs. Please reach out to your AWS representatives to let us know what additional services you would like to see in scope across any of our compliance programs.
