AWS Security Blog

Spring SOC Report Now Available—Amazon WorkMail Now in Scope


Today, I’m pleased to announce that we have completed our semiannual AWS Service Organization Control (SOC) assessments and the reports are available to NDA customers now.

The AWS SOC program is an intense, period-in-time audit performed every six months. We have been releasing AWS services SOC Reports (or their SAS 70 predecessors) regularly since 2009, and we have gradually added more controls and services in scope over the years. These third-party assessments from Ernst & Young are comprehensive attestations to our alignment with the American Institute of Certified Public Accountants (AICPA) Security and Availability Trust Service Principles. The SOC program continues to be a key component of our efforts to provide transparency to our global customer base around information security, confidentiality, and privacy.

The AWS SOC Reports cover the US East (N. Virginia), US West (Oregon), US West (N. California), AWS GovCloud (US), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, as well as AWS Edge locations. Visit the AWS website for more information about the AWS Global Infrastructure.

For this latest period’s SOC 2 and SOC 3 Reports, AWS was assessed against the latest edition of the TSP Section 100, which the AICPA released in March 2016. Amazon WorkMail is now also in scope for our SOC Reports. This increases the number of services covered in our SOC Reports to 26, and with 34 AWS Edge Locations also in scope, AWS customers can satisfy a variety of audit use cases.

Our updated AWS SOC 1 and SOC 2 Security and Availability Reports cover the report period of October 1, 2015, through March 31, 2016, and will continue to be reaffirmed in a six-month cadence. To request the latest SOC 1 or SOC 2 Report, contact AWS Sales and Business Development. Alternatively, depending on your compliance needs, the SOC 3 Report is publically available for download via our AWS Cloud Compliance website, or directly as a PDF.

If you have additional questions about SOC Reports, see our SOC Compliance FAQ on the topic. To see all publicly available certifications, see Compliance Resources. To keep up with the latest AWS Compliance news, see AWS Compliance – Latest News.

– Chad Woolf, Director of AWS Risk and Compliance