Amazon Web Services Navigating GDPR Compliance on AWS
In addition, the flexibility and control that the AWS platform provides enable customers
to deploy solutions that meet several industry-specific standards [3].
AWS provides a wide range of information regarding its IT control environment to
customers through whitepapers, reports, certifications, accreditations, and other third-
party attestations. For more information, see the Amazon Web Services: Risk and
Compliance whitepaper.
Cloud Computing Compliance Controls Catalog
The Cloud Computing Compliance Controls Catalog (C5) is a German government-backed
attestation scheme that was introduced in Germany by the Federal Office for
Information Security (BSI). It was created to help organizations demonstrate operational
security against common cyberattacks within the context of the German government's
Security Recommendations for Cloud Providers.
Both the technical and organizational measures for data protection and the measures for
information security target data security, to ensure confidentiality, integrity, and
availability. C5 defines security requirements that can also be relevant for data
protection. The C5 attestation can be used by AWS customers and their compliance
advisors to understand the range of IT-Security assurance services that AWS offers, as
they move their workloads to the cloud. C5 adds the regulatory-defined IT-Security level
equivalent to the IT-Grundschutz, with the addition of cloud-specific controls.
C5 adds more controls that provide information that pertains to data location, service
provisioning, place of jurisdiction, existing certification, information disclosure
obligations, and a full-service description. Using this information, you can evaluate how
legal regulations (such as data privacy), your own policies, or the threat environment
relate to your use of cloud computing services.