This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
AWS IoT services and compliance
AWS serves a variety of customers, including those in regulated industries. Providing highly secure and resilient infrastructure and services to our customers is a top priority for AWS. Customers can use the tools, services, and guidance that AWS offers to manage their risk appropriately and understand how to achieve compliance in the AWS Cloud. Through our shared responsibility model, we help customers manage risk effectively and efficiently in the IT environment, and we provide assurance of effective risk management through our compliance with established, widely recognized frameworks and programs. AWS has integrated a risk and compliance program throughout the organization, including AWS IoT services. This program aims to manage risk in all phases of service design and deployment and to continually improve and reassess the organization’s risk-related activities. AWS regularly undergoes independent third-party attestation audits to provide assurance that control activities are operating as intended. More specifically, AWS is audited against a variety of global and regional security frameworks, depending on region and industry. AWS participates in over 50 different audit programs such as International Standards Organization 27001 (ISO), Payment Card Industry Data Security Standard (PCI), and the Service Organization Control (SOC) reports, among other international, national, and sectoral accreditations.
AWS is sensitive to the fact that customers might have specific compliance requirements that must be demonstrated and complied with. Keeping this in mind, AWS continually adds services that align with compliance programs based on customer demand. For more information, refer to AWS Services in Scope by Compliance Program.