AWS Security Assurance Services

Audit and compliance advisory services for AWS workloads

AWS Security Assurance Services LLC, a PCI-QSAC (Payment Card Industry-Qualified Security Assessor company) and HITRUST External Assessor Firm, is a team of industry certified assessors, helping you to achieve, maintain, and automate compliance in the cloud by tying together applicable audit standards to AWS service specific features and functionality. We help you build on frameworks such as PCI DSS, HITRUST CSF, NIST, SOC 2, HIPAA, ISO 27001, GDPR, and CCPA.

How to Pass Your Compliance Audit With AWS
Read the article >>


Compliance Accelerator on AWS

This service offers customers a reduced time to compliance across a variety of frameworks including ISO 27001, NIST, SOC2, SOX, and more.

Cloud Audit Academy

Learn security and auditing concepts when operating in the cloud and specifically on AWS with our instructor-led courses.


For existing or migrating workloads requiring PCI DSS, our services provide you with subject matter expertise in pre-assessment activities, advisory, and best practices to accelerate your path to compliance.


This service offering provides subject matter expertise on HITRUST compliance with AWS services to customers who are planning to deploy production systems requiring HITRUST compliance.

Privacy on AWS

Our senior privacy architects provide you with services to build a privacy enhanced environment to tackle regulations such as GDPR, CCPA, PIPEDA, and more.

HITRUST Validated Assessment with Coalfire

This accelerator program allows customers to achieve Health Information Trust Alliance Certifiable Information Security Framework (HITRUST CSF) Validation up to 50% faster when compared with conventional methods. The program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle.

Coalfire Logo


Air Canada Logo
“Air Canada worked with AWS Professional Services and AWS Security Assurance services team on three strategic projects. The teams demonstrated self-sufficiency in being able to understand the high-level goals while taking ownership and driving the project forward with spectacular results in a short time. We are impressed with the team’s intellect, ability to solution, prototype, and execute.”

Suresh Subasinghe,  Director of Digital Platform Architecture, Air Canada

Air Canada Logo
“AWS’ approach to helping us understand compliance requirements and prepare for our SOC2 assessment is the best I experienced in terms of deliverables' quality, support provided, and expertise.”

Oussama Benzaouia, Chief Information Security Officer, Teads Technology

MasterControl Logo
"Securing FedRAMP authorization is no small effort. We needed a partner that had deep expertise in FedRAMP compliance and could educate our team on AWS architecture and best practices. AWS Professional Services delivered on this ask and exceeded our expectations."

Matt Lowe, Chief Strategy Officer

"Through the expertise of AWS SAS and ProServe consultants, we attained PCI DSS and 3DS compliance, broadened our presence to the USA, and established a fortified PCI infrastructure. Their insightful guidance instilled confidence, ensuring smooth compliance oversight. Thanks to AWS SAS's knowledgeable and seasoned consultants, what appeared daunting and unattainable due to our accelerated product release date and tight timeline, transformed into success. Their proficiency ensured our product met PCI standards, priming it for a successful launch in the US market via AWS."

 Richard Bailey, EVP Engineering, Entersekt

PCI DSS v4.0 on AWS Compliance Guide now available
Oct 2023

Read the blog »
Architecting for PCI DSS Scoping and Segmentation on AWS
June 2023
Read the whitepaper »

A phased approach towards a complex HITRUST r2 validated assessment
Oct 2023

Read the blog »

Align Business and IT to achieve and sustain PCI DSS compliance
May 2023

Read the blog »

How to use tokenization to improve data security and reduce audit scope
Jan 2022

Read the blog »
Architecting Amazon EKS for PCI DSS Compliance
June 2021
Read the whitepaper »
Automate Amazon Athena queries for PCI DSS log review using AWS Lambda
Aug 2020
Read the blog »
Architecting on Amazon ECS for PCI DSS Compliance
Jul 2020
Read the whitepaper »

PCI DSS and AWS Foundational Security Best Practices on AWS

View the Quick Start »

How to Hire and Develop Security Assurance Talent

Watch the video >>

How to Pass Your Compliance Audit with AWS

Listen to the podcast >>

Architecting Amazon EKS and Bottlerocket for PCI DSS Compliance
Jan 2024

Read the whitepaper >>

Transforming Transactions: Streamlining PCI Compliance with AWS Serverless Architecture
Jan 2024

Read the blog >>