[ad_1]
We’re excited to announce that Amazon Internet Companies (AWS) has accomplished its fifth annual Collaborative Cloud Audit Group (CCAG) pooled audit with European monetary providers establishments underneath regulatory supervision.
At AWS, safety is the best precedence. As prospects embrace the scalability and suppleness of AWS, we’re serving to them evolve safety and compliance into key enterprise enablers. We’re obsessive about incomes and sustaining buyer belief, and offering our monetary providers prospects and their regulatory our bodies with the assurances that AWS has the mandatory controls in place to assist defend their most delicate materials and controlled workloads.
With the rising digitalization of the monetary trade, and the significance of cloud computing as a key enabling expertise for digitalization, the monetary providers trade is experiencing larger regulatory scrutiny. Our annual audit engagement with CCAG is an instance of how AWS helps prospects’ threat administration and regulatory efforts. For the fifth 12 months, the CCAG pooled audit meticulously assessed the AWS controls that allow us to assist defend prospects’ information and materials workloads, whereas satisfying strict regulatory obligations.
CCAG represents greater than 50 main European monetary providers establishments and has grown steadily since its founding in 2017. Primarily based on its mission to supply organizational and logistical help to members in order that they’ll conduct pooled audits with excellence, effectivity, and integrity, the CCAG audit was initiated primarily based on prospects’ proper to conduct an audit of their service suppliers underneath the European Banking Authority (EBA) outsourcing suggestions to cloud service suppliers (CSPs).
Audit preparations
Utilizing the Cloud Controls Matrix (CCM) of the Cloud Safety Alliance (CSA) because the framework of reference for the CCAG audit, auditors scoped in key domains and controls to audit, akin to id and entry administration, change management and configuration, logging and monitoring, and encryption and key administration.
The scope of the audit focused particular person AWS providers, akin to Amazon Elastic Compute Cloud (Amazon EC2), and particular AWS Areas the place monetary providers establishments run their workloads, such because the Europe (Frankfurt) Area (eu-central-1).
Throughout this section, to assist present auditors with a typical cloud-specific information and language base, AWS gave varied academic and alignment periods. We provided entry to our on-line sources akin to Ability Builder, and delivered onsite briefing and orientation periods in Paris, France; Barcelona, Spain; and London, UK.
Audit fieldwork
This section began after a joint kick-off in Berlin, Germany, and used a hybrid strategy, with work occurring remotely by means of the usage of videoconferencing and a safe audit portal for the inspection of proof, and onsite at Amazon’s HQ2, in Arlington, Virginia, within the US.
Auditors assessed AWS insurance policies, procedures, and controls, following a risk-based strategy and utilizing sampled proof and entry to material specialists (SMEs).
Audit outcomes
After a joint closure ceremony onsite in Warsaw, Poland, auditors finalized the audit report, which included the next optimistic suggestions:
“CCAG wish to thank AWS for serving to in attaining the audit aims and to advocate on CCAG’s behalf to acquire the required assurances. In consequence, CCAG was in a position to execute the audit in accordance with agreed timelines, and train audit rights in step with contractual circumstances.”
The outcomes of the CCAG pooled audit can be found to the individuals and their respective regulators solely, and supply CCAG members with assurance relating to the AWS controls setting, enabling members to work to take away compliance blockers, speed up their adoption of AWS providers, and procure confidence and belief within the safety controls of AWS.
In case you have suggestions about this publish, submit feedback within the Feedback part under. In case you have questions on this publish, contact AWS Help.
Need extra AWS Safety information? Observe us on Twitter.
Manuel Mazarredo
Manuel is a safety audit program supervisor at AWS primarily based in Amsterdam, the Netherlands. Manuel leads safety audits, attestations, and certification applications throughout Europe. For the previous 18 years, he has labored in data programs audits, moral hacking, venture administration, high quality assurance, and vendor administration throughout a wide range of industries.
Andreas Terwellen
Andreas is a senior supervisor in safety audit assurance at AWS, primarily based in Frankfurt, Germany. His workforce is accountable for third-party and buyer audits, attestations, certifications, and assessments throughout Europe. Beforehand, he was a CISO in a DAX-listed telecommunications firm in Germany. He additionally labored for various consulting corporations managing massive groups and applications throughout a number of industries and sectors.
[ad_2]
Source link
