AWS’s Approach to Achieving and Maintaining ISO 27001 and SOC Compliance

AWS’s Approach to Achieving and Maintaining ISO 27001 and SOC Compliance

Two of the world’s most widely used data security standards are ISO 27001 and SOC Compliance Framework. They are two of the many global standards and frameworks Amazon has adopted as part of the Amazon Web Services (AWS) Compliance Programs.

Amazon’s processes achieve and maintain compliance with these standards to ensure AWS customers benefit from strong data security practices and regulatory adherence.

How Amazon Complies with ISO/IEC 27001 Standards
ISO/IEC 27001 is among the world’s most widely-used information security management system (ISMS) standards. Amazon Web Services (AWS) is certified for compliance with ISO/IEC 27001:2013, the 2013 version of the standard.

Amazon’s internal processes for ensuring compliance consist of three elements:

1. Regular evaluations of current information security risks, threats, and vulnerabilities
2. Designing and implementing risk management procedures and other risk controls in accordance with ISO 27001 standards
3. Application of an overall risk management process to ensure current security controls meet Amazon’s needs

Independent third-party auditors conduct AWS’s ISO/IEC 27001:2013 audits to ensure an impartial certification process.

Controls and Measures Ensuring Amazon’s SOC Compliance
System and Organisation Controls (SOC) is a data security auditing standard created by the American Institute of Certified Public Accountants (AICPA). Service providers must adhere to the five Trust Service Criteria (TSC) to be SOC compliant: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

As a cloud service provider, Amazon’s systems store large quantities of potentially sensitive data. Amazon certifies AWS is fully SOC compliant to ensure data safety, privacy, and protection for all AWS customers.

As with ISO/IEC 27001 standards, AWS receives periodic audits from independent third-party organisations to verify the firm’s adherence to SOC 2 standards. AWS customers can read SOC 1 and SOC 2 reports on AWS Artifact. SOC 3 reports are available publicly in whitepaper format.

Which AWS Regions are Covered by ISO 27001 and SOC Compliances?
AWS regions covered by ISO 27001 certification include 29 data centres worldwide and over 100 AWS Edge locations, ensuring AWS customers have access to an extensive range of ISO 27001-compliant regions.

The SOC 3 report details the list of SOC-compliant AWS regions. SOC-compliant data centres are available in over 20 countries and 140 Amazon Edge locations.

Learn More with an Experienced AWS Well-Architected Partner
Scheduling an AWS Well-Architected Review with experienced AWS partner WOLK Technology is the best solution to ensure the performance of your workflows. Contact us today to learn more.