SOC 2 - AWS Audit Manager

SOC 2

SOC 2 is an auditing procedure that ensures a company's data is securely managed. AWS Audit Manager provides a prebuilt framework that supports SOC 2 to assist you with your audit preparation.

What is SOC 2?

System and Organization Controls (SOC), defined by the American Institute of Certified Public Accountants (AICPA), is the name of a suite of reports produced during an audit. It's intended for use by service organizations (organizations that provide information systems as a service to other organizations) to issue validated reports of internal controls over those information systems to the users of those services. The reports focus on controls grouped into five categories known as Trust Service Principles.

AWS SOC reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the AWS controls established to support operations and compliance. There are five AWS SOC reports:

  • AWS SOC 1 Report, available to AWS customers from AWS Artifact.

  • AWS SOC 2 Security, Availability & Confidentiality Report, available to AWS customers from AWS Artifact.

  • AWS SOC 2 Security, Availability & Confidentiality Report, available to AWS customers from AWS Artifact (scope includes Amazon DocumentDB only).

  • AWS SOC 2 Privacy Type I Report, available to AWS customers from AWS Artifact.

  • AWS SOC 3 Security, Availability & Confidentiality Report, publicly available as a whitepaper.

Use AWS Audit Manager to support your audit preparation

AWS Audit Manager provides a prebuilt framework that structures and automates assessments based on AWS best practices. This framework includes a prebuilt collection of controls with descriptions and testing procedures. It contains 21 automated controls and 40 manual controls.

SOC 2 is an auditing procedure that ensures a company's data is securely managed, protecting the interests of the organization and the privacy of its clients. You can use the AWS Audit Manager framework for SOC 2 to prepare for audits. The controls in this AWS Audit Manager framework aren't intended to verify whether your systems are compliant. Moreover, they can't guarantee that you will pass an assessment. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

You can find the SOC 2 framework under the Standard frameworks tab of the Framework library in Audit Manager.

For instructions on how to create an assessment using this framework, see Creating an assessment. For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.