Audit and compliance advisory services for AWS workloads

AWS Security Assurance Services LLC, a PCI-QSAC (Payment Card Industry-Qualified Security Assessor company) and HITRUST External Assessor Firm, is a team of industry-certified assessors who help you achieve, maintain, and automate compliance in the cloud by tying applicable audit standards to AWS service-specific features and functionality. We help you build on frameworks such as PCI DSS, HITRUST CSF, NIST, SOC 2, HIPAA, ISO 27001, GDPR, and CCPA.

Offerings

PCI on AWS

For existing or migrating workloads requiring PCI DSS, our services provide you with subject matter expertise in pre-assessment activities, advisory, and best practices to accelerate your path to compliance.

HITRUST on AWS

This service offering provides subject matter expertise on HITRUST compliance with AWS services to customers who are planning to deploy production systems requiring HITRUST compliance.

Cloud Audit Academy

Learn security and auditing concepts when operating in the cloud and specifically on AWS with our instructor-led courses.

Compliance Accelerator on AWS

This service offers customers a reduced time to compliance across a variety of frameworks including ISO 27001, NIST, SOC 2, SOX, and more.

Privacy on AWS

Our senior privacy architects provide you with services to build a privacy enhanced environment to tackle regulations such as GDPR, CCPA, PIPEDA, and more.

HITRUST Validated Assessment with Coalfire

This accelerator program allows customers to achieve Health Information Trust Alliance Certifiable Information Security Framework (HITRUST CSF) Validation up to 50% faster when compared with conventional methods. The program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle.

Testimonials

“Air Canada worked with AWS Professional Services and AWS Security Assurance services team on three strategic projects. The teams demonstrated self-sufficiency in being able to understand the high-level goals while taking ownership and driving the project forward with spectacular results in a short time. We are impressed with the team’s intellect, ability to solution, prototype, and execute.”

Suresh Subasinghe, Director of Digital Platform Architecture, Air Canada

How to use tokenization to improve data security and reduce audit scope
Jan 2022
Read the blog »

Architecting Amazon EKS for PCI DSS Compliance
June 2021
Read the whitepaper »

Automate Amazon Athena queries for PCI DSS log review using AWS Lambda
Aug 2020
Read the blog »

Architecting on Amazon ECS for PCI DSS Compliance
Jul 2020
Read the whitepaper »

Payment Card Industry Data Security Standard (PCI DSS) 3.2.1 on AWS
Apr 2020
Read the whitepaper »

How to use the AWS Security Hub PCI DSS v3.2.1 standard
Feb 2020
Read the blog »

Architecting for PCI DSS Scoping and Segmentation on AWS
May 2019
Read the whitepaper »

Standardized Architecture for PCI DSS Compliance on AWS
View the Quick Start »