AWS is pleased to announce the immediate availability of the AWS Service Organization Control (SOC) 3 report, which you can view here and freely distribute. This report on AWS security practices enables you and your stakeholders to validate that AWS has obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants (AICPA) Security Trust Principles.
Moreover, we’re happy to announce the following are now in scope for all our SOC reports:
- AWS’s Sydney, Australia region
- Amazon Elastic MapReduce (EMR)
- Amazon Redshift
- AWS Identity & Access Management (IAM)
The expanding list of services and regions incorporated into our compliance program allows our customers to use a wider range of AWS services for sensitive and/or regulated workloads.
Other AWS SOC reports
In addition to the SOC 3 report, AWS also makes available to customers a SOC 1 (Type 2) and SOC 2 (Type 2) report. To help you understand which report is right for you, we’ve included a description of the reports below.
AWS SOC 1 (SSAE 16/ISAE 3402)
The AWS SOC 1 focuses on the processes and controls AWS performs relevant to our customers’ financial reporting. Many AWS customers use the AWS SOC 1 as an integral part of their Sarbanes-Oxley efforts and other security and compliance initiatives.
AWS SOC 2 – Security
The AWS SOC 2 focuses on the processes AWS performs relevant to controls around security. This report is leveraged by a wide range of AWS customers, including but not limited to customers in the technology, healthcare, banking and financial services industries. This report is leveraged to meet a wide range of security control and compliance requirements.
What are customers saying about the AWS SOC Reports?
“The report exceeded my expectation in regards to the presentation of data. It was very easy for me to find the information I needed quickly. Additionally, the information itself was presented clearly and straight-forward. I was able to complete my task more efficiently as a result.”
– Scott Young, Internal Audit Manager at Zagg, Inc., responding to the AWS SOC 1 report
How to get AWS SOC reports
You can download the AWS SOC 3 here. To request the latest SOC 1 or SOC 2 reports, please contact AWS Sales and Business Development. You can also visit the AWS Compliance website to learn more about AWS compliance in general.
- AICPA Service Organization Controls – Managing Risks by Obtaining a Service Auditor’s Report
- CSA Position Paper on AICPA Service Organization Control Reports
Director, AWS Risk and Compliance