AWS Config is a service that lets you track the resources running in your AWS environment and evaluate them against a set of defined rules. When preparing for an audit, it’s essential to know what resources fall under the scope of an audit and the state of those resources. Let’s look at how AWS can help this healthcare technology company prepare for any upcoming audits. AWS Audit Manager and AWS Organizations.For more information on enabling these services with AWS Organizations, see below: AWS Artifact allows for agreements to be accepted on behalf of member accounts within an organization, even as new reports or accounts are added. AWS Config collects data from multiple regions and multiple accounts through the use of an aggregator. AWS Audit Manager allows you to gather evidence from multiple AWS accounts. This example will use a single AWS account for illustrative purposes, but all of the services in this post integrate well with AWS Organizations. HIPAA CFR 164.312(a)(2)(iv) states “Implement a mechanism to encrypt and decrypt electronic protected health information”, and we’ll be focusing on encryption at rest controls to align with this CFR. This post will walk through the details of one particular compliance control, 164.312(a)(2)(iv). The company must also demonstrate its compliance posture and provide adequate evidence during audits. Therefore, they must have technical controls to make sure of the protection and privacy of that data. This company has a platform that hosts and processes Protected Health Information (PHI). Other customers may want to demonstrate their operational readiness with a SOC 2 certification, regardless of legal regulations.įor illustration purposes, let’s take a healthcare technology company that aligns with the Health Insurance Portability and Accountability Act (HIPAA). Additional compliance needs may arise while working with PCI-DSS if processing credit cards. For example, AWS customers may fall under the EU’s General Data Protection Regulation (GDPR) when working with data from European Union citizens. ExampleĪpplicable laws and regulations can vary based on several factors, such as location and number of employees. Let’s dive into these services and see how they can help. In this post, I demonstrate how you can use AWS services to help you automate the collection of evidence used in audits ( AWS Audit Manager), monitor your environment through a compliance lens ( AWS Config), and gain access to AWS’ security and compliance reports ( AWS Artifact). Regardless of the regulations or standards, AWS provides services and resources that help our customers prepare to meet those requirements. Given today’s digital, global economy, customers have various governance needs based upon their geographies.
AWS customers represent a range of different verticals, locations, and sizes.
0 kommentar(er)
