Customer cloud compliance governance - Amazon Web Services: Risk and Compliance

Customer cloud compliance governance

AWS customers are responsible for maintaining adequate governance over their entire IT control environment, regardless of how or where IT is deployed. Leading practices include:

  • Understanding the required compliance objectives and requirements (from relevant sources)

  • Establishing a control environment that meets those objectives and requirements

  • Understanding the validation required based on the organization’s risk tolerance

  • Verifying the operating effectiveness of their control environment

Deployment in the AWS Cloud gives enterprises different options to apply various types of controls and various verification methods.

Strong customer compliance and governance may include the following basic approach:

  1. Reviewing the AWS Shared Responsibility Model, AWS Security Documentation, AWS compliance reports, and other information available from AWS, together with other customer-specific documentation. Try to understand as much of the entire IT environment as possible, and then document all compliance requirements into a comprehensive cloud control framework.

  2. Designing and implementing control objectives to meet the enterprise compliance requirements as laid out in the AWS Shared Responsibility Model.

  3. Identifying and documenting controls owned by outside parties.

  4. Verifying that all control objectives are met and all key controls are designed and operating effectively.

Approaching compliance governance in this manner will help customers gain a better understanding of their control environment and will help clearly delineate the verification activities to be performed.