Introduced by the French governmental agency for health, “Agence Française de la Santé Numérique” (ASIP Santé), the HDS certification aims to strengthen the security and protection of personal health data. Achieving this certification demonstrates that AWS provides a framework for technical and governance measures to secure and protect personal health data, governed by French law. The HDS certification validates that AWS ensures data confidentiality, integrity, and availability to its customers and partners. AWS worked with an independent third-party auditor to achieve the certification.
What is the benefit of ASIP HDS?
ASIP HDS certification provides the necessary assurance of information security for companies who wish to host the healthcare data of French citizens in the cloud.
Which AWS services are in scope for ASIP HDS?
To be HDS certified, an IT provider must be ISO 27001 certified, which means that the services covered by our ISO 27001 certification are included within the scope of HDS. The AWS services that are in scope for the ISO/IEC 27001:2013 certification can be found on the ISO Certified webpage.
What regions are in scope of the HDS certification?
The HDS certification currently covers 3 AWS EU regions: Frankfurt, Ireland, and Paris.
Can I get a copy of the AWS ASIP HDS Certification?
What is the ASIP HDS certification scope that AWS achieved?
AWS achieved ASIP HDS certification in the following areas:
A "physical infrastructure host" certificate for the provision of physical hosting and physical infrastructure activities
1) Provision and operational maintenance of physical sites to host the hardware infrastructure of the information system used for the processing of health data
2) Provision and maintenance of the physical infrastructure of the information system used for the processing of health data
A "hosting provider" certificate for virtual infrastructure provisioning, software platform provisioning, administration / operations, and outsourced backup activities
3) Provision and maintenance of the information system application hosting platform
4) Provision and maintenance of the virtual infrastructure of the information system used for the processing of health data
6) Outsourced backups of health data
Why is AWS not certified for the sub-domain 5 (Administration and operation of the information system containing the health data)?
Sub-domain 5 is not applicable to AWS, because AWS does not directly manage health data.
How does AWS' ASIP HDS certification benefit customers seeking to obtain their own ASIP HDS certification?
As per the Shared Responsibility Model, AWS' ASIP HDS certification demonstrates the "Security of the Cloud," enabling customers to focus their resources on items related to "Security in the Cloud" in connection with their ASIP HDS certification process.