Example Financial Services Industry (FSI) Lens Review Video

Transcript

Li: Hi everyone! Welcome to our Well-Architected Framework FSI Lens Review. We’ve already completed the
base Well-Architected Framework Review last month for our business-critical financial data workload. Today,
we’ll perform an additional review for the same workload, but this time using the FSI Lens. I’ll now hand it
over to our architect to lead the review.

Ana: Thanks Li! It’s great we have you as our workload sponsor. We also have our Well-Architected pillar
sponsors for Operational Excellence, Performance Efficiency, Security, and Reliability. I’ll be our note taker.

• I’m sharing the FSI Lens whitepaper on my screen.

• Let’s start with the Operational Excellence pillar. The first topic we’ll cover is: Define roles and
responsibilities across risk functions.
• Let’s look at the first question. Have we defined risk and compliance roles for the cloud. It involves
two best practices that we want to review.
• So first, as our cloud usage continues to increase, how are we engaging with our risk management and
internal audit functions to implement a process for the approval of cloud risk controls?

Nikki: Well, we want to keep it similar to what we had on premises, where we ensure that only the roles that
require access to resources are granted access.

Ana: Did the roles we had on premises align with the compliance and control requirements for this workload on
the cloud?

Nikki: Yes, but I see an issue with reporting. Today, we collect our compliance data points manually. As you can
imagine, that process is tedious and open to human error.

Ana: OK. So, right now we have roles that are defined for our compliance requirements. However, much of this
is done manually. For the second best practice, have we implemented a process for adopting appropriate risk
appetites? In other words, how do we evaluate and prioritize the impact of new innovations to this workload?

Nikki: Sure. We’ve met with our Chief Risk Officer to establish a process for evaluating the criticality of
workloads.

Ana: Do we understand how new innovations to this workload can potentially disrupt its high availability and
resilient design?

Nikki: We do. We’ve defined thresholds of acceptable risks. The threshold is based on the potential impact that
a disruption would have on our business and customers. We are currently adopting a process that has been
approved by the Board of Directors.

Ana: That’s great progress and aligns with best practices. We can mark that question as answered and move to
the next one.

Fast forward to the end of the review.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Ana: Thank you all for taking part in this important FSI Lens Review meeting. I will put together a report with
our findings and set up a meeting next week. Our next step is to prioritize the high- and medium-risk issues.
Then we’ll establish an improvement plan, identify steps, and integrate those issues into the backlog for
remediation. We’ll also use milestones to track our progress and document improvements. This will ensure that
we have a continuous process of discovering and resolving risk.

Li: Great job everyone! This has been a productive start towards resolving these issues. I look forward to
working with you all, to continue refining and optimizing this mission-critical workload.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.