MASEC 4: How can a company (buyer) gain confidence in compliance and regulatory needs?
Data governance establishes the processes and responsibilities that ensure the quality, consistency, and security of the data used across organizations. Where personally identifiable information (PII) brings compliance requirements, the buyer needs to verify that the integrated workloads meet these requirements.
MASEC04-BP01 The seller is using AWS services (marketplace) for data governance
Data governance is a framework to build data quality checks, identify lineage (relation) between target and source datasets, and build a data catalog over existing data in data lakes and enterprise data warehouses.
MASEC04-BP02 Document consistent mechanisms for data classification
Ensure organizations are using AWS-supported partner solutions.
MASEC04-BP03 Document processes to maintain data integrity within AWS services
Regulatory requirements to maintain the integrity of data are typically implemented as part of a validated application. However, by implementing controls at the AWS service-level, you can facilitate data integrity even for actions performed outside the validated application.
MASEC04-BP04 Understand both the buyer's and seller's compliance needs
AWS supports inheritance of many security standards and compliance certifications, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, which helps you satisfy necessary compliance requirements.