AWS Artifact: Sign Up For AWS Create An IAM User

AWS Artifact
When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all
services in AWS, including AWS Artifact. If you haven't signed up for AWS, see Sign Up for AWS. To
create and manage user identity and permissions to provide highly secure, limited access to your AWS
resources, both for yourself and for others who need to work with your AWS resources, see Create an
IAM User.
AWS Artifact features a comprehensive list of access-controlled documents relevant to compliance

and security in the AWS cloud. For information related to the current scope of each audit report,
review the AWS Services in Scope web page for an up-to-date status. Not able to download the
document you would like? Make sure you have the correct access applied through your IAM policy.
Review the AWS Artifact Documentation for instructions on how to gain access.
Additional approval from Amazon is required to access this artifact. Open a request for access.
1. Cloud Computing Compliance Controls Catalogue (C5)
Reporting period: Valid from Apr 01 2016 to Nov 15 2016
This document evaluates the AWS controls that meet the criteria developed by the German BSI
(National Security Authority) for Cloud Computing Compliance Controls Catalog (C5). The
following services are in scope: AWS CloudFormation, AWS CloudHSM, AWS CloudTrail, AWS
Direct Connect, AWS Database Migration Service (DMS), Amazon DynamoDB, AWS Elastic
Beanstalk, Amazon Elastic Block Store (EBS), Amazon Elastic Compute Cloud (EC2), Elastic
Load Balancing, Amazon Elastic MapReduce (EMR), Amazon ElastiCache, Amazon Glacier,
AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), Amazon
Redshift, Amazon Relational Database Service (RDS), Amazon Route 53, Amazon Simple
Queue Service (SQS), Amazon Simple Storage Service (S3), Amazon Simple Workflow Service
(SWF), AWS Storage Gateway, Amazon Virtual Private Cloud (VPC), VM Import/Export. Data
centers in the EU (Frankfurt) Region are in scope.
2. FedRAMP Partner Package
Reporting period: Valid beginning May 01 2013

This package is provided to AWS partners and customers to support AWS US East/West
(FedRAMP Moderate) and AWS GovCloud (US) (FedRAMP High) Regions. The documents
available in this package include AWS' Authorization to Operate (ATO), AWS East/West and
GovCloud Executive Briefing, Control Implementation Summary (CIS), Customer Responsibility
Matrix (CRM), E-Authentication, FIPS-199 Categorization, Privacy Threat Analysis / Impact
Assessment (PTA/PIA), and SSP Customer Template. Please visit our AWS services-in-scope
webpage to obtain up-to-date information regarding the AWS services that have been formally
authorized for use: https://aws.amazon.com/compliance/services-in-scope/.
3. Global Financial Services Regulatory Principles
Reporting period: Valid beginning Nov 01 2016

This document has been prepared for AWS Customers in the Financial Services industry who
require insight into how to manage governance, risk and compliance in the cloud. Although
requirements vary by jurisdiction, AWS has identified five common principles related to Financial
Services regulation that customers should consider when using AWS cloud services and
specifically, applying the shared responsibility model to their regulatory requirements. For
information about the services and AWS Regions that this document applies to, see the AWS
SOC 2 report.
4. IRAP Package
Reporting period: Valid from Oct 20 2014 to Apr 20 2017

The Information Security Registered Assessors Program (IRAP) Package is the result of an audit
by an independent assessor from the Information Security Registered Assessors Program. The
assessment examined the security controls of Amazon’s people, process and technology to
ensure that they met the needs of the ASD 2014 ISM. This package includes the IRAP Report
Stage 2, ASD Certification Report, ASD Certification Letter, IRAP ISM Letter of Compliance, and
Control Implementation Summary.
5. ISO 27001:2013 Certification
Reporting period: Valid from Nov 11 2016 to Nov 07 2019

This certification, issued by an independent third-party auditor, validates that AWS complies with
the ISO 27001 internationally-recognized standard for security management best practices and
comprehensive security controls following the ISO 27002 best practice guidance. The following
services are in scope: Amazon API Gateway, Amazon CloudFront, Amazon DynamoDB,
Amazon EC2 Container Service (ECS), Amazon Elastic Block Store (Amazon EBS), Amazon
Elastic Compute Cloud (Amazon EC2), Amazon Elastic File System (Amazon EFS), Amazon
Elastic MapReduce (Amazon EMR), Amazon ElastiCache, Amazon Glacier, Amazon Redshift,
Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon Simple Email
Service (Amazon SES), Amazon Simple Queue Service (Amazon SQS), Amazon Simple
Storage Service (Amazon S3), Amazon Simple Workflow Service (SWF), Amazon SimpleDB,
Amazon Virtual Private Cloud (Amazon VPC), Amazon WorkDocs, Amazon WorkMail, Amazon
WorkSpaces, AWS CloudFormation, AWS CloudHSM, AWS CloudTrail, AWS Config, AWS
Database Migration Service, AWS Direct Connect, AWS Directory Service, AWS Elastic
Beanstalk, AWS Identity and Access Management (IAM), AWS Import/Export Snowball, AWS
Key Management Service (KMS), AWS Lambda, AWS Storage Gateway, AWS WAF (web
application firewall), Elastic Load Balancing, and VM Import/Export. Data centers in the following
locations are in scope: US East (Northern Virginia), US East (Ohio), US West (Oregon), US
West (Northern California), AWS GovCloud (US), Canada (Montreal), EU (London), EU (Ireland),
EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific
(Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) Regions, as well as the AWS
edge locations listed on the certification.
6. ISO 27001:2013 Statement of Applicability (SoA)


the ISO 27017 implementation guidance of cloud-specific information security controls that
supplement the ISO 27002 guidance and the ISO 27001 standard. The following services are in
scope: Amazon API Gateway, Amazon CloudFront, Amazon DynamoDB, Amazon EC2
Container Service (ECS), Amazon Elastic Block Store (Amazon EBS), Amazon Elastic Compute
Cloud (Amazon EC2), Amazon Elastic File System (Amazon EFS), Amazon Elastic MapReduce
(Amazon EMR), Amazon ElastiCache, Amazon Glacier, Amazon Redshift, Amazon Relational
Database Service (Amazon RDS), Amazon Route 53, Amazon Simple Email Service (Amazon
SES), Amazon Simple Queue Service (Amazon SQS), Amazon Simple Storage Service
(Amazon S3), Amazon Simple Workflow Service (SWF), Amazon SimpleDB, Amazon Virtual
Private Cloud (Amazon VPC), Amazon WorkDocs, Amazon WorkMail, Amazon WorkSpaces,
AWS CloudFormation, AWS CloudHSM, AWS CloudTrail, AWS Config, AWS Database
Migration Service, AWS Direct Connect, AWS Directory Service, AWS Elastic Beanstalk, AWS
Identity and Access Management (IAM), AWS Import/Export Snowball, AWS Key Management
Service (KMS), AWS Lambda, AWS Storage Gateway, AWS WAF (web application firewall),
Elastic Load Balancing, and VM Import/Export. Data centers in the following locations are in
scope: US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern
California), AWS GovCloud (US), Canada (Montreal), EU (London), EU (Ireland), EU (Frankfurt),
Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia
Pacific (Tokyo), and South America (Sao Paulo) Regions, as well as the AWS edge locations
listed on the certification.


the ISO 27018 implementation guidance of controls applicable to public cloud Personally
Identifiable Information (PII) protection that supplement the ISO 27002 guidance and the ISO
27001 standard. The following services are in scope: Amazon API Gateway, Amazon
CloudFront, Amazon DynamoDB, Amazon EC2 Container Service (ECS), Amazon Elastic Block
Store (Amazon EBS), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic File
System (Amazon EFS), Amazon Elastic MapReduce (Amazon EMR), Amazon ElastiCache,
Amazon Glacier, Amazon Redshift, Amazon Relational Database Service (Amazon RDS),
Amazon Route 53, Amazon Simple Email Service (Amazon SES), Amazon Simple Queue
Service (Amazon SQS), Amazon Simple Storage Service (Amazon S3), Amazon Simple
Workflow Service (SWF), Amazon SimpleDB, Amazon Virtual Private Cloud (Amazon VPC),
Amazon WorkDocs, Amazon WorkMail, Amazon WorkSpaces, AWS CloudFormation, AWS
CloudHSM, AWS CloudTrail, AWS Config, AWS Database Migration Service, AWS Direct
Connect, AWS Directory Service, AWS Elastic Beanstalk, AWS Identity and Access
Management (IAM), AWS Import/Export Snowball, AWS Key Management Service (KMS), AWS
Lambda, AWS Storage Gateway, AWS WAF (web application firewall), Elastic Load Balancing,
and VM Import/Export. Data centers in the following locations are in scope: US East (Northern
Virginia), US East (Ohio), US West (Oregon), US West (Northern California), AWS GovCloud
(US), Canada (Montreal), EU (London), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore),
Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), and
South America (Sao Paulo) Regions, as well as the AWS edge locations listed on the
certification.


the ISO 9001 standard for effective quality management and continual improvement of the
development, design, and delivery of AWS services. It directly supports customers who develop,
migrate, and operate their quality-controlled IT systems in the AWS cloud. The following services
are in scope: Amazon API Gateway, Amazon CloudFront, Amazon DynamoDB, Amazon EC2
Container Service (ECS), Amazon Elastic Block Store (Amazon EBS), Amazon Elastic Compute
Cloud (Amazon EC2), Amazon Elastic File System (Amazon EFS), Amazon Elastic MapReduce
(Amazon EMR), Amazon ElastiCache, Amazon Glacier, Amazon Redshift, Amazon Relational
Database Service (Amazon RDS), Amazon Route 53, Amazon Simple Email Service (Amazon
SES), Amazon Simple Queue Service (Amazon SQS), Amazon Simple Storage Service
(Amazon S3), Amazon Simple Workflow Service (SWF), Amazon SimpleDB, Amazon Virtual
Private Cloud (Amazon VPC), Amazon WorkDocs, Amazon WorkMail, Amazon WorkSpaces,
AWS CloudFormation, AWS CloudHSM, AWS CloudTrail, AWS Config, AWS Database
Migration Service, AWS Direct Connect, AWS Directory Service, AWS Elastic Beanstalk, AWS
Identity and Access Management (IAM), AWS Import/Export Snowball, AWS Key Management
Service (KMS), AWS Lambda, AWS Storage Gateway, AWS WAF (web application firewall),
Elastic Load Balancing, and VM Import/Export. Data centers in the following locations are in
scope: US East (Northern Virginia), US East (Ohio), US West (Oregon), US West (Northern
California), AWS GovCloud (US), Canada (Montreal), EU (London), EU (Ireland), EU (Frankfurt),
Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia
Pacific (Tokyo), and South America (Sao Paulo) Regions, as well as the AWS edge locations
listed on the certification.
12. MAS TRM Guidelines Workbook
Reporting period: Valid beginning Dec 01 2016

The Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines
Workbook maps AWS security and compliance controls to the requirements within the MAS TRM
Guidelines. Where applicable, under the AWS shared responsibility model, the workbook
provides supporting details and references to assist financial institutions (FIs) when adapting the
MAS TRM Guidelines for their workloads on AWS.
Get this artifact
13. PCI DSS Attestation of Compliance (AOC) and Responsibility Summary - Current
Reporting period: Valid from Jul 11 2016 to Jul 10 2017

As an AWS customer, you can create your own card data environment (CDE) that can store,
transmit, or process cardholder data. This following services are in scope: Auto Scaling, AWS
CloudFormation, Amazon CloudFront, AWS CloudHSM, AWS CloudTrail, AWS Config, AWS
Direct Connect, Amazon DynamoDB, AWS Elastic Beanstalk, Amazon Elastic Block Store
(EBS), Amazon Elastic Compute Cloud (EC2), Amazon EC2 Container Service (ECS), Elastic
Load Balancing (ELB), Amazon Elastic MapReduce (EMR), Amazon Glacier, AWS Key
Management Service (KMS), AWS Identity and Access Management (IAM), Amazon Redshift,
Amazon Relational Database Service (RDS), Amazon Route 53, Amazon SimpleDB, Amazon
Simple Storage Service (S3), Amazon Simple Queue Service (SQS), Amazon Simple Workflow
Service (SWF), Amazon Virtual Private Cloud (VPC), AWS WAF (web application firewall), and
the underlying physical infrastructure (including GovCloud) and the AWS Management
Environment. Data centers in scope are listed in the Attestation of Compliance (AOC) within this
package.
14. PCI DSS Attestation of Compliance (AOC) and Responsibility Summary - Previous
Reporting period: Valid from Jul 17 2015 to Jul 16 2016

As an AWS customer, you can create your own card data environment (CDE) that can store,
transmit, or process cardholder data. This following services are in scope: Auto Scaling, AWS
CloudFormation, Amazon CloudFront, AWS CloudHSM, AWS CloudTrail, AWS Direct Connect,
Amazon DynamoDB, AWS Elastic Beanstalk, Amazon Elastic Block Store (EBS), Amazon
Elastic Compute Cloud (EC2), Amazon Elastic Load Balancing (ELB), Amazon Elastic
MapReduce (EMR), Amazon Glacier, AWS Key Management Service (KMS), AWS Identity and
Access Management (IAM), Amazon Redshift, Amazon Relational Database Service (RDS),
Amazon Route 53, Amazon SimpleDB, Amazon Simple Storage Service (S3), Amazon Simple
Queue Service (SQS), Amazon Simple Workflow Service (SWF), Amazon Virtual Private Cloud
(VPC), and the underlying physical infrastructure (including GovCloud) and the AWS
Management Environment. Data centers in scope are listed in the Attestation of Compliance
(AOC) within this package.
15. PSN Connection Compliance Certificate (CoCo)
Reporting period: Valid from Feb 17 2017 to Feb 17 2018

This Public Services Network (PSN) connection compliance certificate is issued following
completion of the PSN compliance verification process. It shows that AWS has successfully
achieved PSN compliance by demonstrating to the PSN team that the infrastructure is
sufficiently secure and that connection to the PSN would not present an unacceptable risk to the
security of the network.
16. PSN Service Provision Compliance Certificate

Reporting period: Valid from Feb 17 2017 to Feb 17 2018
This Public Services Network (PSN) service provision compliance certificate is issued following
completion of the PSN Service Security Standards (PSSS) process. This certificate can be
leveraged by customers as part of their own PSN assurance. This certificates shows that AWS
has successfully demonstrated to the PSN team that the above service is suitable for handling
public sector information at OFFICIAL and does not present an unacceptable risk to the security
of the PSN.
17. Quality Management System Overview
Reporting period: Valid beginning Jan 01 2016

This document has been prepared for GxP customers who require insight into the AWS quality
management system for the performance of their supplier evaluation. For information about the
services and AWS Regions that this document applies to, see the AWS ISO 9001 document.
18. Service Organization Controls (SOC) 1 Report - Current
Reporting period: Valid from Oct 01 2016 to Mar 31 2017

This document evaluates the effectiveness of AWS controls that might affect your internal
controls over financial reporting (ICOFR). The audit is performed according to the SSAE 16 and
ISAE 3402 standards. Many AWS customers use this report as an integral part of their
Sarbanes-Oxley efforts. The following services are in scope: Auto Scaling, AWS
CloudFormation, AWS CloudHSM, AWS CloudTrail, Amazon CloudWatch Logs, AWS Database
Migration Service (DMS), AWS Direct Connect, Amazon DynamoDB, AWS Elastic Beanstalk,
Amazon Elastic Block Store (EBS), Amazon Elastic Compute Cloud (EC2), Amazon Elastic File
System (EFS), Elastic Load Balancing, Amazon Elastic MapReduce (EMR), Amazon
ElastiCache, Amazon Glacier, AWS Identity and Access Management (IAM), AWS Key
Management Service (KMS), Amazon Redshift, Amazon Relational Database Service (RDS),
Amazon Route 53, Amazon Simple Email Service (SES), Amazon Simple Queue Service (SQS),
Amazon Simple Notification Service (SNS), Amazon Simple Storage Service (S3), Amazon
Simple Workflow Service (SWF), Amazon SimpleDB, AWS Storage Gateway, Amazon Virtual
Private Cloud (VPC), VM Import/Export, Amazon WorkMail, and Amazon WorkSpaces. Data
centers in the following locations are in scope: US East (Northern Virginia), US East (Ohio), US
West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Central), Europe
(Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Singapore), Asia Pacific (Sydney),
Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), and South America (Sao
Paulo) Regions, as well as the AWS edge locations listed within the report.
19. Service Organization Controls (SOC) 1 Report - Previous (Apr 1 - Sep 30)
Reporting period: Valid from Apr 01 2016 to Sep 30 2016

Sarbanes-Oxley efforts. The following services are in scope: AWS CloudFormation, AWS
CloudHSM, AWS CloudTrail, AWS Database Migration Service (DMS), AWS Direct Connect,
Elastic Compute Cloud (EC2), Amazon Elastic File System (EFS), Elastic Load Balancing,
Amazon Elastic MapReduce (EMR), Amazon ElastiCache, Amazon Glacier, AWS Identity and
Access Management (IAM), AWS Key Management Service (KMS), Amazon Redshift, Amazon
Relational Database Service (RDS), Amazon Route 53, Amazon Simple Email Service (SES),
Amazon Simple Queue Service (SQS), Amazon Simple Storage Service (S3), Amazon Simple
Workflow Service (SWF), Amazon SimpleDB, AWS Storage Gateway, Amazon Virtual Private
Cloud (VPC), VM Import/Export, Amazon WorkMail, and Amazon WorkSpaces. Data centers in
the following locations are in scope: US East (Northern Virginia), US West (Oregon), US West
(Northern California), AWS GovCloud (US), EU (Ireland), EU (Frankfurt), Asia Pacific
(Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
(Mumbai), and South America (Sao Paulo) Regions, as well as the AWS edge locations listed
within the report.
20. Service Organization Controls (SOC) 1 Report - Previous (Oct 1-March 31)

Sarbanes-Oxley efforts. The following services are in scope: AWS CloudFormation, AWS
CloudHSM, AWS CloudTrail, AWS Direct Connect, Amazon DynamoDB, AWS Elastic Beanstalk,
Amazon Elastic Block Store (EBS), Amazon Elastic Compute Cloud (EC2), Elastic Load
Balancing, Amazon Elastic MapReduce (EMR), Amazon ElastiCache, Amazon Glacier, AWS
Identity and Access Management (IAM), AWS Key Management Service (KMS), Amazon
Redshift, Amazon Relational Database Service (RDS), Amazon Route 53, Amazon Simple Email
Service (SES), Amazon Simple Queue Service (SQS), Amazon Simple Storage Service (S3),
Amazon Simple Workflow Service (SWF), Amazon SimpleDB, AWS Storage Gateway, Amazon
Virtual Private Cloud (VPC), VM Import/Export, Amazon WorkMail, and Amazon WorkSpaces.
Data centers in the following locations are in scope: US East (Northern Virginia), US West
(Oregon), US West (Northern California), AWS GovCloud (US), EU (Ireland), EU (Frankfurt),
Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao

This document evaluates the AWS controls that meet the criteria for security, availability, and
confidentiality in the American Institute of Certified Public Accountants (AICPA) TSP section 100,
Trust Services Principles and Criteria for Security, Availability, Processing Integrity,
Confidentiality, and Privacy. The following services are in scope: Auto Scaling, AWS
CloudFormation, AWS CloudHSM, AWS CloudTrail, Amazon CloudWatch Logs, AWS Database
Amazon Simple Notification Service (SNS), Amazon Simple Storage Service (S3), Amazon
Simple Workflow Service (SWF), Amazon SimpleDB, AWS Storage Gateway, Amazon Virtual
Private Cloud (VPC), VM Import/Export, Amazon WorkMail, and Amazon WorkSpaces. Data
centers in the following locations are in scope: US East (Northern Virginia), US East (Ohio), US
West (Oregon), US West (Northern California), AWS GovCloud (US), Canada (Central), Europe
(Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Singapore), Asia Pacific (Sydney),
Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), and South America (Sao
22. Service Organization Controls (SOC) 2 Report - Previous (Apr 1 - Sep 30)

This document evaluates the AWS controls that meet the criteria for security, availability, and
confidentiality in the American Institute of Certified Public Accountants (AICPA) TSP section 100,
Trust Services Principles and Criteria for Security, Availability, Processing Integrity,
Confidentiality, and Privacy. The following services are in scope: AWS CloudFormation, AWS
CloudHSM, AWS CloudTrail, AWS Database Migration Service (DMS), AWS Direct Connect,
Elastic Compute Cloud (EC2), Amazon Elastic File System (EFS), Elastic Load Balancing,
Amazon Elastic MapReduce (EMR), Amazon ElastiCache, Amazon Glacier, AWS Identity and
Access Management (IAM), AWS Key Management Service (KMS), Amazon Redshift, Amazon
(Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
(Mumbai), and South America (Sao Paulo) Regions, as well as the AWS edge locations listed
within the report.
23. Service Organization Controls (SOC) 2 Report - Previous (Oct 1-March 31)

This document evaluates the AWS controls that meet the criteria for security and availability in
the American Institute of Certified Public Accountants (AICPA) TSP section 100, Trust Services
Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
The following services are in scope: AWS CloudFormation, AWS CloudHSM, AWS CloudTrail,
AWS Direct Connect, Amazon DynamoDB, AWS Elastic Beanstalk, Amazon Elastic Block Store
(EBS), Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing, Amazon Elastic
MapReduce (EMR), Amazon ElastiCache, Amazon Glacier, AWS Identity and Access
Management (IAM), AWS Key Management Service (KMS), Amazon Redshift, Amazon
(Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo)
Regions, as well as the AWS edge locations listed within the report.

The SOC 3 is a summary of the AWS SOC 2 report; it outlines that AWS meets the AICPA trust
principles in its SOC 2 audit report and includes the external auditor’s opinion of the operation of
controls (based on the criteria for security, availability, and confidentiality in the American
Institute of Certified Public Accountants’ TSP section 100, Trust Services Principles and Criteria
for Security, Availability, Processing Integrity, Confidentiality, and Privacy). Refer to the AWS
SOC 2 report for the scope of services and data center locations covered in this report.
25. Service Organization Controls 2 Typ 2-Bericht - Aktuell (Deutsch/German)

Mit diesem Dokument werden die AWS-Kontrollen bewertet, die die Kriterien fuer Sicherheit und
Verfuegbarkeit in TSP-Abschnitt 100, Trust Services Principles and Criteria for Security,
Availability, Processing Integrity, Confidentiality, and Privacy (Prinzipien fuer vertrauenswuerdige
Dienste und Kriterien fuer Sicherheit, Verfuegbarkeit, Verarbeitungsintegritaet, Vertraulichkeit
und Datenschutz) des American Institute of Certified Public Accountants (AICPA,
Amerikanisches Institut der Wirtschaftspruefer) erfuellen. Die folgenden Services sind im
Umfang enthalten: AWS CloudFormation, AWS CloudHSM, AWS CloudTrail, AWS Database
Amazon Simple Storage Service (S3), Amazon Simple Workflow Service (SWF), Amazon
SimpleDB, AWS Storage Gateway, Amazon Virtual Private Cloud (VPC), VM Import/Export,
Amazon WorkMail und Amazon WorkSpaces. Rechenzentren an den folgenden Standorten sind
im Umfang enthalten: USA Ost (Nord-Virginia), USA West (Oregon), USA West
(Nordkalifornien), AWS GovCloud (US), EU (Irland), EU (Frankfurt), Asien-Pazifik (Singapur),
Asien-Pazifik (Sydney), Asien-Pazifik (Tokio), Asien-Pazifik (Seoul), Asien-Pazifik (Mumbai), die
Regionen Suedamerika (Sao Paulo) sowie die im Bericht aufgefuehrten AWS-Edge-Standorte.
Get this artifact
26. SOC Continued Operations Letter
Reporting period: Valid from Apr 01 2017 to Jun 01 2017

AWS provides a full-year of coverage with our Service Organization Controls (SOC) 1 and 2
report cycles, issuing two SOC reports covering 6 month periods each year (the first report
covers Oct 01 to Mar 31 and the other Apr 01 to Sep 30). Based on a full-year of coverage, we
publish this SOC Continued Operations Letter instead of a bridge letter or gap letter. This
document states that we continue to maintain the security controls and system environment that
was audited and described in the latest SOC reports. For information about the services and
AWS Regions that this document applies to, see the current AWS SOC 1, SOC 2, and SOC 2
Confidentiality reports.

AWS Artifact: Sign Up For AWS Create An IAM User

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS Artifact: Sign Up For AWS Create An IAM User

Uploaded by

Copyright:

Available Formats

AWS Artifact

AWS Artifact features a comprehensive list of access-controlled documents relevant to compliance

2. FedRAMP Partner Package

Reporting period: Valid beginning May 01 2013

3. Global Financial Services Regulatory Principles

Reporting period: Valid beginning Nov 01 2016

Reporting period: Valid from Oct 20 2014 to Apr 20 2017

5. ISO 27001:2013 Certification

Reporting period: Valid from Nov 11 2016 to Nov 07 2019

6. ISO 27001:2013 Statement of Applicability (SoA)

Reporting period: Valid from Nov 11 2016 to Nov 07 2019

7. ISO 27017:2015 Certification

Reporting period: Valid from Nov 11 2016 to Nov 07 2019

8. ISO 27017:2015 Statement of Applicability (SoA)

Reporting period: Valid from Nov 11 2016 to Nov 07 2019

9. ISO 27018:2014 Certification

Reporting period: Valid from Nov 11 2016 to Nov 07 2019

10. ISO 27018:2015 Statement of Applicability (SoA)

11. ISO 9001:2015 Certification

Reporting period: Valid from Nov 11 2016 to Nov 07 2019

Reporting period: Valid beginning Dec 01 2016

Reporting period: Valid from Jul 11 2016 to Jul 10 2017

Reporting period: Valid from Jul 17 2015 to Jul 16 2016

15. PSN Connection Compliance Certificate (CoCo)

Reporting period: Valid from Feb 17 2017 to Feb 17 2018

16. PSN Service Provision Compliance Certificate

17. Quality Management System Overview

Reporting period: Valid beginning Jan 01 2016

18. Service Organization Controls (SOC) 1 Report - Current

Reporting period: Valid from Oct 01 2016 to Mar 31 2017

Reporting period: Valid from Apr 01 2016 to Sep 30 2016

Reporting period: Valid from Oct 01 2015 to Mar 31 2016

21. Service Organization Controls (SOC) 2 Report - Current

Reporting period: Valid from Oct 01 2016 to Mar 31 2017

Reporting period: Valid from Apr 01 2016 to Sep 30 2016

Reporting period: Valid from Oct 01 2015 to Mar 31 2016

24. Service Organization Controls (SOC) 3 Report - Current

Reporting period: Valid from Apr 01 2016 to Sep 30 2016

25. Service Organization Controls 2 Typ 2-Bericht - Aktuell (Deutsch/German)

Reporting period: Valid from Apr 01 2016 to Sep 30 2016

26. SOC Continued Operations Letter

Reporting period: Valid from Apr 01 2017 to Jun 01 2017

You might also like