AWS Security Blog

Category: Compliance

AWS Resources Addressing Argentina’s Personal Data Protection Law and Disposition No. 11/2006

We have two new resources to help customers address their data protection requirements in Argentina. These resources specifically address the needs outlined under the Personal Data Protection Law No. 25.326, as supplemented by Regulatory Decree No. 1558/2001 (“PDPL”), including Disposition No. 11/2006. For context, the PDPL is an Argentine federal law that applies to the protection of […]

Read More

AWS GDPR Data Processing Addendum – Now Part of Service Terms

Today, we’re happy to announce that the AWS GDPR Data Processing Addendum(.pdf) is now part of our online Service Terms. This means all AWS customers globally can rely on the terms of the AWS GDPR DPA which will apply automatically from May 25, 2018, whenever they use AWS services to process personal data under the GDPR. The AWS […]

Read More

The AWS Shared Responsibility Model and GDPR

The EU’s General Data Protection Regulation (GDPR) describes data processor and data controller roles, and some customers and AWS Partner Network (APN) partners are asking how this affects the long-established AWS Shared Responsibility Model. I wanted to take some time to help folks understand shared responsibilities for us and for our customers in context of […]

Read More

Spring 2018 AWS SOC Reports are Now Available with 11 Services Added in Scope

Since our last System and Organization Control (SOC) audit, our service and compliance teams have been working to increase the number of AWS Services in scope prioritized based on customer requests. Today, we’re happy to report 11 services are newly SOC compliant, which is a 21 percent increase in the last six months. With the […]

Read More

How AWS Meets a Physical Separation Requirement with a Logical Separation Approach

We have a new resource available to help you meet a requirement for physically-separated infrastructure using logical separation in the AWS cloud. Our latest guide, Logical Separation: An Evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads outlines how AWS meets the U.S. Department of Defense’s (DoD) stringent physical separation requirement by […]

Read More

Tips for Success: GDPR Lessons Learned

Security is our top priority at AWS, and from the beginning we have built security into the fabric of our services. With the introduction of GDPR (which becomes enforceable on May 25 of 2018), privacy and data protection have become even more ingrained into our security-centered culture. Three weeks ago, well ahead of the deadline, […]

Read More

Newly released guide provides Australian public sector the ability to evaluate AWS at PROTECTED level

Australian public sector customers now have a clear roadmap to use our secure services for sensitive workloads at the PROTECTED level. For the first time, we’ve released our Information Security Registered Assessors Program (IRAP) PROTECTED documentation via AWS Artifact. This information provides the ability to plan, architect, and self-assess systems built in AWS under the […]

Read More

AWS and the Australian Notifiable Data Breaches Scheme

Recent amendments to the Australian Privacy Act 1988 (Privacy Act) established the Notifiable Data Breaches (NDB) scheme in Australia, which went into effect February 22, 2018. The NDB scheme aims to give affected individuals the opportunity to take steps to protect their personal information following a data breach that is likely to result in serious […]

Read More

All AWS Services GDPR ready

Today, I’m very pleased to announce that AWS services comply with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that AWS already takes to maintain services security, customers can deploy AWS services as a key part of their GDPR compliance plans. This announcement confirms we […]

Read More

AWS Achieves Spain’s ENS High Certification Across 29 Services

AWS has achieved Spain’s Esquema Nacional de Seguridad (ENS) High certification across 29 services. To successfully achieve the ENS High Standard, BDO España conducted an independent audit and attested that AWS meets confidentiality, integrity, and availability standards. This provides the assurance needed by Spanish Public Sector organizations wanting to build secure applications and services on […]

Read More