AWS Security Blog

AWS Announces Successful SOC Assessment with 3 New Services in Scope


Today, I’m happy to announce the completion of another successful Service Organization Controls (SOC) assessment.

The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing SOC Reports (or their SAS 70 predecessors) regularly since 2009, and we have, over the years, gradually built in more controls and added more services. These third-party assessments from Ernst & Young are mature and extensive, and attest to our alignment with the American Institute of Certified Public Accountants (AICPA) Security Trust Principles. The SOC programs continue to be a key component of our efforts to provide transparency to our customers in information security, confidentiality, and privacy.

The following 3 AWS services have been added to the scope of our SOC Reports:

This increases the number of services covered in our SOC Reports to 26, and with 34 AWS Edge Locations also in scope, AWS customers can satisfy a variety of use cases.

Our updated AWS SOC 1 and SOC 2 Security & Availability Reports cover the report period of April 1, 2015, through September 30, 2015, and will continue to be reaffirmed in a six-month cadence going forward. To request the latest SOC 1 or SOC 2 Reports, contact AWS Sales and Business Development. Alternatively, depending on your regulatory requirements, the SOC 3 Report is publically available for download via our AWS Compliance website, or you can view it directly.

Have additional questions about SOC reports? See our FAQ on the topic.

To see all publicly available certifications, see AWS Published Certifications, and to keep up with the latest AWS Compliance news, see AWS Compliance – Latest News.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.