Audit and compliance advisory services for AWS workloads

AWS Security Assurance Services LLC, a PCI-QSAC (Payment Card Industry-Qualified Security Assessor company) and HITRUST External Assessor Firm, is a team of industry certified assessors, helping you to achieve, maintain, and automate compliance in the cloud by tying together applicable audit standards to AWS service specific features and functionality. We help you build on frameworks such as PCI DSS, HITRUST CSF, NIST, SOC 2, HIPAA, ISO 27001, GDPR, and CCPA.

PCI QSA logo


PCI DSS on AWS - Discovery Workshop

For new application development or migrations requiring PCI DSS compliance, this one-day engagement provides you with key concepts, best practices, and available AWS and partners solutions.

PCI DSS on AWS - Implementing Compliant Architectures

For existing system deployments requiring PCI DSS compliance, this engagement provides you with subject matter expertise in pre-assement activities and requirements including administrative, technical, and physical control activities.

PCI DSS on AWS - Advisory

For sensitive workload migrations, requiring infrastructure security assisstance, this engagement provides an ad-hoc assisstance, on or offsite, to provide proper proof and evidentiary artifacts to your external auditor.

HITRUST Accelerator

For existing system deployments requiring HITRUST compliance, this engagement assists you with requirements including adminstrative, technical, and physical control activities.

Cloud Audit Academy

To reduce time-to-market for compliance workloads in the cloud, this hands-on one-day workshop provides you with learnings on foundational audit concepts.

AWS Privacy by Design

Learn the AWS Shared Responsibility Model for Data Privacy and how to leverage AWS services to help manage data privacy compliance in this immersive workshop.


Air Canada Logo
“Air Canada worked with AWS Professional Services and AWS Security Assurance services team on three strategic projects. The teams demonstrated self-sufficiency in being able to understand the high-level goals while taking ownership and driving the project forward with spectacular results in a short time. We are impressed with the team’s intellect, ability to solution, prototype, and execute.”

Suresh Subasinghe,  Director of Digital Platform Architecture, Air Canada

How to use tokenization to improve data security and reduce audit scope
Jan 2022

Read the blog »
Architecting Amazon EKS for PCI DSS Compliance
June 2021
Read the whitepaper »
Automate Amazon Athena queries for PCI DSS log review using AWS Lambda
Aug 2020
Read the blog »
Architecting on Amazon ECS for PCI DSS Compliance
Jul 2020
Read the whitepaper »
Payment Card Industry Data Security Standard (PCI DSS) 3.2.1 on AWS
Apr 2020
Read the whitepaper »
How to use the AWS Security Hub PCI DSS v3.2.1 standard
Feb 2020
Read the blog »
Architecting for PCI DSS Scoping and Segmentation on AWS
May 2019
Read the whitepaper »
Standardized Architecture for PCI DSS Compliance on AWS
View the Quick Start »