AWS Security Assurance Services

Audit and compliance advisory services for AWS workloads

AWS Security Assurance Services LLC, a PCI-QSAC (Payment Card Industry-Qualified Security Assessor company) and HITRUST External Assessor Firm, is a team of industry-certified assessors who help you achieve, maintain, and automate compliance in the cloud by tying applicable audit standards to AWS service-specific features and functionality. We help you build on frameworks such as PCI DSS, HITRUST CSF, NIST, SOC 2, HIPAA, ISO 27001, GDPR, and CCPA.



For existing or migrating workloads requiring PCI DSS, our services provide you with subject matter expertise in pre-assessment activities, advisory, and best practices to accelerate your path to compliance.


This service offering provides subject matter expertise on HITRUST compliance with AWS services to customers who are planning to deploy production systems requiring HITRUST compliance.

Cloud Audit Academy

Learn security and auditing concepts when operating in the cloud and specifically on AWS with our instructor-led courses.

Compliance Accelerator on AWS

This service offers customers a reduced time to compliance across a variety of frameworks including ISO 27001, NIST, SOC 2, SOX, and more.

Privacy on AWS

Our senior privacy architects provide you with services to build a privacy-enhanced environment to tackle regulations such as GDPR, CCPA, PIPEDA, and more.

HITRUST Validated Assessment with Coalfire

This accelerator program allows customers to achieve Health Information Trust Alliance Certifiable Information Security Framework (HITRUST CSF) Validation up to 50% faster when compared with conventional methods. The program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle.

“Air Canada worked with AWS Professional Services and AWS Security Assurance services team on three strategic projects. The teams demonstrated self-sufficiency in being able to understand the high-level goals while taking ownership and driving the project forward with spectacular results in a short time. We are impressed with the team’s intellect, ability to solution, prototype, and execute.”

Suresh Subasinghe, Director of Digital Platform Architecture, Air Canada

“AWS’ approach to helping us understand compliance requirements and prepare for our SOC2 assessment is the best I experienced in terms of deliverables' quality, support provided, and expertise.”

Oussama Benzaouia, Chief Information Security Officer, Teads Technology

Align Business and IT to achieve and sustain PCI DSS compliance (blog, May 2023)

How to use tokenization to improve data security and reduce audit scope (blog, Jan 2022)

Architecting Amazon EKS for PCI DSS Compliance (whitepaper, June 2021)

Automate Amazon Athena queries for PCI DSS log review using AWS Lambda (blog, Aug 2020)

Architecting on Amazon ECS for PCI DSS Compliance (whitepaper, Jul 2020)

Payment Card Industry Data Security Standard (PCI DSS) 3.2.1 on AWS (whitepaper, Apr 2020)

How to use the AWS Security Hub PCI DSS v3.2.1 standard (blog, Feb 2020)

Architecting for PCI DSS Scoping and Segmentation on AWS (whitepaper, June 2023)

PCI DSS and AWS Foundational Security Best Practices on AWS (Quick Start)