Life Sciences

Navigating GDPR Compliance on AWS

Issue link:

Contents of this Issue


Page 9 of 31

Amazon Web Services Navigating GDPR Compliance on AWS 5 In addition, the flexibility and control that the AWS platform provides enables customers to deploy solutions that meet several industry-specific standards3. AWS provides a wide range of information regarding its IT control environment to customers through whitepapers, reports, certifications, accreditations, and other third- party attestations. For more information, see the Amazon Web Services: Risk and Compliance whitepaper. Cloud Computing Compliance Controls Catalog Cloud Computing Compliance Controls Catalog (C5) is a German government-backed attestation scheme that was introduced in Germany by the Federal Office for Information Security (BSI). It was created to help organizations demonstrate operational security against common cyberattacks within the context of the German government's Security Recommendations for Cloud Providers. The technical and organizational measures of data protection and the measures for information security target data security to ensure confidentiality, integrity and availability. C5 defines security requirements that can be also relevant for data protection. The C5 attestation can be used by AWS customers and their compliance advisors to understand the range of IT-Security assurance services that AWS offers, as they move their workloads to the cloud. C5 adds the regulatory defined IT-Security level equivalent to the IT-Grundschutz, with the addition of cloud-specific controls. C5 adds more controls that provide information that pertains to data location, service provisioning, place of jurisdiction, existing certification, information disclosure obligations, and a full-service description. Using this information, you can evaluate how legal regulations (such as data privacy), your own policies, or the threat environment relate to your use of cloud computing services.

Articles in this issue

Links on this page

view archives of Life Sciences - Navigating GDPR Compliance on AWS