Monday 22 February 2021

Evaluating and integrating AWS controls

AWS provides a wide range of information about its IT control environment to customers
through technical papers, reports, certifications, and other third-party attestations. This
documentation helps customers to understand the controls in place, relevant to the
AWS services they use, and how those controls have been validated. This information
also helps customers account for and validate that controls in their extended IT
environment are operating effectively.

Traditionally, internal and/or external auditors validate the design and operational
effectiveness of controls by process walkthroughs and evidence evaluation. This type of
direct observation and verification, by the customer or customer’s external auditor, is
generally performed to validate controls in traditional on-premises deployments.

In the case where service providers are used (such as AWS), customers can request
and evaluate third-party attestations and certifications. These attestations and
certifications can help assure the customer of the design and operating effectiveness of
control objectives and controls validated by a qualified, independent third party. As a
result, although some controls might be managed by AWS, the control environment can
still be a unified framework where customers can account for and verify that controls are
operating effectively, accelerating the compliance review process.

Third-party attestations and certifications of AWS provide customers with visibility and
independent validation of the control environment. Such attestations and certifications
may help relieve customers of the requirement to perform certain validation work
themselves for their IT environment in the AWS Cloud.

AWS risk and compliance program
AWS has integrated a risk and compliance program throughout the organization. This
program aims to manage risk in all phases of service design and deployment and
continually improve and reassess the organization’s risk-related activities. The
components of the AWS integrated risk and compliance program are discussed in
greater detail in the following sections.

AWS business risk management
AWS has a business risk management (BRM) program that partners with AWS
business units to provide the AWS Board of Directors and AWS senior leadership a
holistic view of key risks across AWS. The BRM program demonstrates independent
risk oversight over AWS functions. Specifically, the BRM program does the following:
• Performs risk assessments and risk monitoring of key AWS functional areas
• Identifies and drives remediation of risks
• Maintains a register of known risks
To drive the remediation of risks, the BRM program reports the results of its efforts, and
escalates where necessary, to directors and vice presidents across the business to inform business decision-making.
