Compliance and Security go together in the environment of an organization. Compliance standards and services offer customer satisfaction and build trust in the organization. Compliance also has a vital role in application scalability and organization flexibility. This article will explain some of the compliance standards and certifications that AWS supports and the cloud services that work to keep a check on compliance standards.

Let us discuss the compliance standards and certifications first and then we will head to the services.

What are the Compliance Standards and Certifications?

Some of the compliance standards and certifications that are implemented and held by AWS are:

• • HIPAA
  • ISO
  • C5
  • CSA
  • CyberGRX
  • TPN

 

Let us explain these standards and certifications in compliance with AWS:

HIPAA

The Health Insurance Portability and Accountability Act is a federal act of 1996 by the US to ensure that organizations do not leak sensitive information about patients. AWS complies with this act.

ISO

ISO (International Organization for Standardization) is a world-renowned organization that awards certifications to organizations worldwide based on the standards they meet. AWS has a suitable number of certifications from ISO for risk management and cloud security etc.

C5

C5 (Cloud Computing Compliance Control Catalog) is a German attestation scheme that the AWS user can use to understand security controls in compliance with the organization.

CSA

CSA (Cloud Security Alliance) provides certifications for security assurance and best practices of use. AWS holds up to level 3 certifications.

CyberGRX

This organization carries out a third-party risk assessment and is validated by Deloitte and KPMG as well. Users of AWS can generate their own CyberGRX report.

TPN

TPN (Trusted Partner Network) has a few benchmarks for the protection and privacy of protected media content. AWS meets these benchmarks to increase media content security.

Let us head to some of the cloud services used for compliance purposes:

What are the Compliance Services in AWS?

AWS meets a lot of compliance standards and security protocols. To ensure security and compliance with policies, there are a few services provided by AWS regarding this. Two main services in this scenario are:

• • AWS Artifact
  • AWS Audit Manager

Let us discuss them one by one:

AWS Artifact

AWS Artifact service serves the purpose of a library that holds information related to compliance standards and practices. It provides an on-demand service for users based on their needs. All the compliance and security-related certifications and standards that AWS holds are accessible by this service.

It works by providing the customer with the required information. It can be used to download the reports and results. Refer to the below figure to grasp the understanding of its working:

Let us discuss the AWS Audit Manager now:

AWS Audit Manager

This cloud service continuously keeps a check on your usage for a simpler assessment of risk and compliance issues. It gathers information on the root causes of non-compliance and generates reports for auditing.

It works by choosing a pre-built framework and then defining rules. Then it continuously monitors services used to find out the root cause for compliance issues and then generates the audit report. The basic system architecture can be seen below:

That is all from this article.

Conclusion

Security and compliance standards and certification are necessary to keep an organization working and hence ensure customer satisfaction. Amazon not only follows the standardized rules and regulations defined by regulating authorities but also provides services to help users be aware of these rules. This article has explained the compliance services in AWS.