AWS Security Blog

Two Big Announcements from AWS Compliance: SOC 3 Report Now Available and All SOC Reports Include New Services and New Region in Scope

SOC logo

AWS is pleased to announce the immediate availability of the AWS Service Organization Control (SOC) 3 report, which you can freely distribute. This report on AWS security practices enables you and your stakeholders to validate that AWS has obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants (AICPA) Security Trust Principles.

Moreover, we’re happy to announce the following are now in scope for all our SOC reports:

The expanding list of services and regions incorporated into our compliance program allows our customers to use a wider range of AWS services for sensitive and/or regulated workloads.

Other AWS SOC reports

In addition to the SOC 3 report, AWS also makes available to customers a SOC 1 (Type 2) and SOC 2 (Type 2) report.  To help you understand which report is right for you, we’ve included a description of the reports below.

AWS SOC 1 (SSAE 16/ISAE 3402)

The AWS SOC 1 focuses on the processes and controls AWS performs relevant to our customers’ financial reporting. Many AWS customers use the AWS SOC 1 as an integral part of their Sarbanes-Oxley efforts and other security and compliance initiatives.

AWS SOC 2 – Security

The AWS SOC 2 focuses on the processes AWS performs relevant to controls around security. This report is leveraged by a wide range of AWS customers, including but not limited to customers in the technology, healthcare, banking and financial services industries. This report is leveraged to meet a wide range of security control and compliance requirements.

What are customers saying about the AWS SOC Reports?

“The report exceeded my expectation in regards to the presentation of data.  It was very easy for me to find the information I needed quickly.  Additionally, the information itself was presented clearly and straight-forward.  I was able to complete my task more efficiently as a result.”

– Scott Young, Internal Audit Manager at Zagg, Inc., responding to the AWS SOC 1 report

How to get AWS SOC reports

You can download the AWS SOC 3 report. To request the latest SOC 1 or SOC 2 reports, please contact AWS Sales and Business Development.  You can also visit the AWS Compliance website to learn more about AWS compliance in general.

Additional resources:

Chad Woolf
Director, AWS Risk and Compliance

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.