What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact?

Chris Kuo/Dr. Dataman

Aug 19, 2021

Security: People may be concerned about whether their data is safe in the cloud. AWS has designed multiple layers to secure data and services at the highest level. Security is achieved by controlling who can access (authorize) what services (authenticate). In this section you will learn how to use the Identity and Access Management (IAM) service to control who…

AWS Artifact is a portal that provides an enterprise with access to security and compliance reports that apply to the Amazon Web Services (AWS) public cloud.

A user can download reports and other internal AWS documents via Artifact to ensure and demonstrate to auditors or regulators that the AWS offerings he or she uses meet security and compliance standards. These reports can also provide guidance to team members, such as developers, to ensure that they also adhere to these standards.

Examples of the reports found in AWS Artifact include those that relate to the International Organization for Standardization (ISO), Payment Card Industry Data Security Standard (PCI DSS) and Service Organization Control (SOC).

AWS classifies all reports, called artifacts, into two categories: public and confidential. Public artifacts are available to all AWS accounts. Confidential artifacts require approval from Amazon, and, in some cases, require that the requesting customer sign a non-disclosure agreement to receive the report. An admin can restrict or distribute access to an artifact with AWS Identity and Access Management permissions.

The shared responsibility model requires AWS to secure compliance documents in the cloud, but, if a user downloads an agreement, he or she must secure the downloaded document. Each downloaded artifact comes with a unique, trackable watermark.

AWS Artifact also includes descriptions of all reports that detail their applicable date ranges, geographic regions and cloud services.

Another feature of the portal, called AWS Artifact Agreements, enables a user to view, accept and monitor the status of a Business Associate Addendum (BAA) agreement. AWS typically requires companies to adhere to a BAA agreement if they are subject to the Health Insurance Portability and Accountability Act and deal with protected health information.

An AWS user has global on-demand access to AWS Artifact through the AWS Management Console. AWS does not impose a charge for Artifact and Artifact Agreements.

This was last updated in April 2018

What is the purpose of a service organization control (SOC) report?

A service organization controls (SOC) report (not to be confused with the other SOC acronym, security operations center) is a way to verify that an organization is following some specific best practices before you outsource a business function to that organization.

Which AWS service allows customers to download AWS SOC & PCI reports?

You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports.

How often are AWS SOC reports released?

SOC reports are audits performed over a time period and don't expire. AWS auditors perform SOC audits twice a year over a period of 6 months: Oct 1–Mar 31 and Apr 1–Sept 30. When the audit period is over, AWS auditors prepare the audit report and release the report in May and November.

What do SOC reports look for?

For a SOC audit performed on your organization specifically, you should review the auditor's opinion, the complementary user entity controls (CUECs), points of non-compliance, and deviations and responses.