AWS Security Blog

AWS Announces Successful SOC Assessment with 3 New Services in Scope


Today, I’m happy to announce the completion of another successful Service Organization Controls (SOC) assessment.

The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing SOC Reports (or their SAS 70 predecessors) regularly since 2009, and we have, over the years, gradually built in more controls and added more services. These third-party assessments from Ernst & Young are mature and extensive, and attest to our alignment with the American Institute of Certified Public Accountants (AICPA) Security Trust Principles. The SOC programs continue to be a key component of our efforts to provide transparency to our customers in information security, confidentiality, and privacy.

The following 3 AWS services have been added to the scope of our SOC Reports:

This increases the number of services covered in our SOC Reports to 26, and with 34 AWS Edge Locations also in scope, AWS customers can satisfy a variety of use cases.

Our updated AWS SOC 1 and SOC 2 Security & Availability Reports cover the report period of April 1, 2015, through September 30, 2015, and will continue to be reaffirmed in a six-month cadence going forward. To request the latest SOC 1 or SOC 2 Reports, contact AWS Sales and Business Development. Alternatively, depending on your regulatory requirements, the SOC 3 Report is publically available for download via our AWS Compliance website, or you can view it directly.

Have additional questions about SOC reports? See our FAQ on the topic.

To see all publicly available certifications, see AWS Published Certifications, and to keep up with the latest AWS Compliance news, see AWS Compliance – Latest News.

– Chad Woolf, Director of AWS Risk and Compliance