AWS whitepapers documentation change
Summary
Updated GDPR compliance documentation with more detailed information about AWS compliance programs, including ISO/IEC 27701 certification, C5 standard, and CISPE Code of Conduct. Changed document structure from PDF reference to markdown format.
Security assessment
This change enhances documentation about GDPR compliance frameworks and security standards but does not address a specific security vulnerability or incident. It adds information about security certifications and compliance programs that help customers meet GDPR requirements.
Diff
diff --git a/whitepapers/latest/navigating-gdpr-compliance/strong-compliance-framework-and-security-standards.md b/whitepapers/latest/navigating-gdpr-compliance/strong-compliance-framework-and-security-standards.md index 3ce81545a..1aed72097 100644 --- a//whitepapers/latest/navigating-gdpr-compliance/strong-compliance-framework-and-security-standards.md +++ b//whitepapers/latest/navigating-gdpr-compliance/strong-compliance-framework-and-security-standards.md @@ -1 +1 @@ -[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#strong-compliance-framework-and-security-standards "Open PDF") +[View a markdown version of this page](strong-compliance-framework-and-security-standards.md) @@ -3 +3 @@ -[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](welcome.html) +[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#strong-compliance-framework-and-security-standards "Open PDF") @@ -5 +5 @@ -This whitepaper is for historical reference only. Some content might be outdated and some links might not be available. +[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](navigating-gdpr-compliance-on-aws.html) @@ -9 +9,16 @@ This whitepaper is for historical reference only. Some content might be outdated -According to the GDPR, appropriate technical and organizational measures might need to include “…the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services,” as well as reliable restore, testing, and overall risk management processes. +The GDPR requires both controllers and processors to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These may include “…the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services,” (Article 32(1)(b) of the GDPR) as well as reliable data restoration, testing, and overall risk management processes. + +To support customers in meeting these obligations, AWS maintains a broad compliance framework grounded in international and regional standards. The following sections describe key components of this framework: + + * **AWS Compliance Programs** , which include third-party certifications and independent audit reports available through [AWS Artifact](https://aws.amazon.com/artifact/). + + * **ISO/IEC 27701 certification** , which extends AWS's existing security certifications to cover privacy-specific requirements aligned with the GDPR. + + * **Cloud Computing Compliance Criteria Catalogue (C5)** , a German federal standard that provides structured assurance for operational and cybersecurity practices in cloud environments. + + * **The CISPE Code of Conduct** , a GDPR-approved pan-European compliance framework specifically for cloud infrastructure providers, under which over 100 AWS services have been independently certified. + + + + +Together, these programs and commitments provide customers with validated evidence of the technical and organizational measures AWS has implemented and form a reliable foundation to support their own GDPR compliance efforts. Each of these elements is detailed in the sections below. @@ -17 +32 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Shared Security Responsibility Model +Future Considerations @@ -19 +34 @@ Shared Security Responsibility Model -AWS Compliance Program +AWS Compliance Programs