AWS Security Blog

EU Compliance Update

C5 logo

AWS made many launch announcements at AWS re:Invent 2016, including the announcement of a new compliance service, AWS Artifact. After so much recent activity, I want to highlight some EU-related news that you might have missed.

AWS has completed its assessment against the Cloud Computing Compliance Controls Catalogue (C5) information security and compliance program. Bundesamt für Sicherheit in der Informationstechnik (BSI)—Germany’s national cybersecurity authority—established C5 to define a reference standard for German cloud security requirements. With C5 (as well as with IT-Grundschutz), customers in German member states can leverage the work performed under this BSI audit to comply with stringent local requirements and operate secure workloads in the AWS Cloud. Although this is a newer program, BSI’s C5 standard is a key assurance framework that will be an authoritative program for not only German customers moving to the cloud, but also an influential one for all EU member states. C5 has comprehensive cloud-security criteria and is audited using a proven global assessment and reporting standard. AWS is the first cloud provider to achieve this certification, and it shows our commitment to Germany and the EU region.

This completed C5 assessment follows the August announcement of our transition from Safe Harbor to the EU-US Privacy Shield Framework. Though the EU-US Privacy Shield Framework does not affect the way you use or work with AWS, it ensures that you can continue to transfer data between the US and EU in an internationally recognized, compliant way. You can contact our team at privacyshield@amazon.com, or read the FAQ.

Author

Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.