AI Governance and Compliance
- AI-related risks have led to the development of compliance standards for AI workloads.
- These standards help protect businesses and ensure fairness in decision-making.
- Depending on the industry, additional specific standards might be required.
- Regular audits are crucial for ensuring compliance with these standards.
Shared Responsibility Model
- AWS and the customer share responsibility for security and compliance.
- AWS’s Role: Ensures compliance with cloud infrastructure security (physical data centers, technology, and security).
- Customer’s Role: Ensures compliance for workloads deployed in the cloud, focusing on securing their applications and data.
AWS Security and Compliance Certifications
- AWS has rigorous security certifications and attestations for its data centers and infrastructure.
- Compliance standards include security and operational controls that are validated by external auditors.
- AWS customers inherit some compliance controls and are provided with third-party audit reports.
AWS Artifact
- AWS Artifact provides access to compliance reports from third-party auditors.
- Customers can use these reports for their own audits, reducing the scope and focus on internal processes.
- These reports cover global, regional, and industry-specific security standards.
Global Compliance Standards
- AWS complies with global standards, earning trust from customers handling sensitive workloads.
- SOC 2: Verifies security, availability, processing integrity, confidentiality, and privacy controls.
- ISO 27001: International standard for security management and comprehensive security controls.
Customer Compliance Center
- A resource hub for AWS compliance information.
- Includes compliance stories, whitepapers, and documentation to help businesses in regulated industries solve compliance challenges.
- Offers an auditor learning path to help auditing professionals understand how to use AWS Cloud for compliance.
