
Navigating GDPR Compliance on AWS


This enables the data protection by design approach, because security processes and policies can be included in the definition of your architecture, and can also be continuously monitored by security measures in your organization.

How AWS Can Help

Area: Strong Compliance Framework
Description: Appropriate technical and organizational measures may need to include "the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services."
AWS Services and Tools: SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3; PCI DSS Level 1; ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018; NIST FIPS 140-2; Common Cloud Computing Controls Catalog (C5)

Area: Data Access Control
Description: The controller "shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data that are necessary for each specific purpose of the processing are processed."
AWS Services and Tools: AWS Identity and Access Management (IAM); Amazon Cognito; AWS WAF; AWS CloudFormation; AWS Systems Manager

Area: Monitoring and Logging
Description: "Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility."
AWS Services and Tools: AWS CloudTrail; AWS Config; Amazon CloudWatch; AWS Control Tower; Amazon GuardDuty; AWS Security Hub

Area: Protecting your Data on AWS
Description: Organizations must "implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data."
AWS Services and Tools: AWS Tools and SDKs; AWS CloudHSM; AWS Key Management Service
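The following CloudFormation template is an added example, not part of the AWS whitepaper, showing what "security policies included in the definition of your architecture" looks like in practice for the Data Access Control and Protecting your Data rows above: a customer-managed KMS key, an S3 bucket that encrypts with that key by default and blocks public access, a bucket policy that refuses non-TLS requests, and a processing role that can read only the pseudonymised prefix and decrypt only with that key. All resource and logical names (PersonalDataKey, PersonalDataBucket, AnalyticsRole, the "pseudonymised/" prefix) are assumptions chosen for the illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the AWS whitepaper): a minimal data-protection-by-design
  stack. Logical names such as PersonalDataBucket and AnalyticsRole are assumptions.

Resources:
  # Customer-managed KMS key with annual automatic rotation enabled.
  PersonalDataKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Key for encrypting personal data at rest (example)
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          # The account root keeps administrative control of the key;
          # grants to workloads are made through IAM policies below.
          - Sid: AllowAccountAdministration
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"

  # Bucket holding personal data: KMS encryption by default, versioning on,
  # every form of public access blocked at the bucket level.
  PersonalDataBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
              KMSMasterKeyID: !Ref PersonalDataKey
            BucketKeyEnabled: true
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Bucket policy: deny any request that does not arrive over TLS.
  PersonalDataBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref PersonalDataBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !GetAtt PersonalDataBucket.Arn
              - !Sub "${PersonalDataBucket.Arn}/*"
            Condition:
              Bool:
                aws:SecureTransport: "false"

  # Processing role (assumed prefix layout): reads only objects under
  # "pseudonymised/", can list only that prefix, and decrypts only with this key.
  AnalyticsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ReadPseudonymisedDataOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: s3:GetObject
                Resource: !Sub "${PersonalDataBucket.Arn}/pseudonymised/*"
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !GetAtt PersonalDataBucket.Arn
                Condition:
                  StringLike:
                    s3:prefix: "pseudonymised/*"
              - Effect: Allow
                Action: kms:Decrypt
                Resource: !GetAtt PersonalDataKey.Arn
```

Because the encryption, transport and access-scope controls live in the template, they are versioned and reviewed with the rest of the architecture, and drift from them can be detected by AWS Config rules and the CloudTrail record of stack changes; the Monitoring and Logging services in the table are deliberately left out of this fragment so that it stays focused on the data-protection controls.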
