AWS and SOC reporting, what you need to know

AWS is a leading provider of cloud infrastructure services that provide business-critical functions for SaaS and PaaS organizations. However, using AWS includes the inherent risk of using a subservice that requires monitoring activities by these organizations. One of the best ways to ensure trust and confidence in your financial and security control posture for risk management is through an AICPA SOC report.

Obtaining an AICPA SOC 1 or SOC 2 report provides an independent attestation of your organization’s controls related to financial reporting (SOC 1) or non-financial reporting (SOC 2 - security, availability, etc.) to understand if controls are in line with client expectations, regulations, and requirements. SOC 2 reports are on the rise as cloud organizations are requesting these reports of each other to better understand the service organization and subservice organization’s commitments to both financial and IT security.

Join the leaders of Coalfire’s SOC practice, Jeffrey Cook, Engagement Partner, and Dixon Wright, Managing Principal, as they discuss considerations, efficiencies and lessons learned from completing SOC engagements for organizations that leverage AWS.

The webinar will cover components of conducting a SOC 2 report for organizations that leverage AWS for IaaS services. Attendees will learn:

  • The value of SOC reporting
  • Which AWS SOC validations can be leveraged
  • How your SOC audit will be affected by leveraging AWS
  • The carve-out vs. inclusive method for reporting subservice organization controls (e.g. AWS)
  • The myth that your organization is covered under AWS’ SOC 2 report (spoiler alert! - you aren’t)
  • Responsibility matrix – the shared, AWS-specific, and client-specific responsibilities under SOC

Leading Experience in Amazon Web Services, Cybersecurity, and AICPA regulations.

Coalfire is a diverse professional services firm offering cybersecurity and advisory, risk management, compliance, technical testing, and engineering services. Coalfire (through its acquisition of Veris Group) is an AWS Consulting Partner Network member that was recently designated with Government competency.

Coalfire is a leader in cloud security assessment and advisory services, including AICPA SOC audits. We work with AWS as their FedRAMP and PCI DSS assessor, as well as other compliance work for cloud organizations that leverage AWS for infrastructure services. A SOC report from Coalfire combines the benefits of our IT security and CPA knowledge to maximize the benefits of your SOC with AWS experience.

This webinar requires registration. Please fill out the form to instantly receive access.

AWS and SOC reporting, what you need to know