Protecting Banyan users’ personal data and maintaining Banyan’s cyber security are priorities.

All Banyan material is delivered through a UK National Cyber Security Centre (NCSC)-compliant version of Moodle, underpinned by secure hosting on UK-based Amazon Web Services (AWS) servers.

If required, user details can be obfuscated: Banyan provides pre-prepared accounts for users via the client, and users can then edit their details and passwords. No Personally Identifiable Information (PII) needs to be seen by Banyan staff or kept in the Banyan system.

The AWS hosting environment benefits from enterprise-class threat detection, prevention of intrusion or denial-of-service attacks, and malware protection. All data is encrypted both in transit and at rest, providing protection against interception by third parties and ensuring the privacy of sensitive information.

Banyan uses a UK-based service provider to manage our LMS hosting in AWS. They are accredited to ISO/IEC 27001:2013, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. They are also Cyber Essentials certified (an NCSC-backed scheme). They do not interact with user details or learning content within Banyan.

Banyan Security Accreditations

Our LMS is accredited to multiple international cloud computing security frameworks.

USA and Canada

CCCS: The Canadian Centre for Cyber Security (CCCS) is Canada’s authoritative source of cyber security expert guidance for Canadian government, industry, and the general public. Public and commercial sector organisations across Canada rely on the CCCS Cloud Service Provider (CSP) Information Technology Security (ITS) Assessment Process in their decision to use AWS.

DoD CC SRG: The Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) provides a standardized assessment and authorization process for cloud service providers (CSPs) to gain a DoD provisional authorization, so that they can serve DoD customers.

“Banyan is fully-accredited to DoD CC SRG IL5 (GovCloud)”

FedRAMP: The US Federal Government is dedicated to delivering its services to the American people in the most innovative, secure, and cost-efficient fashion. Cloud computing plays a key part in how the federal government can achieve operational efficiencies and innovate on demand to advance their mission across the nation.

“Banyan is fully-accredited to FedRAMP Moderate (East/West) and FedRAMP High (GovCloud)”

HITRUST CSF: The Health Information Trust Alliance Common Security Framework (HITRUST CSF) leverages nationally and internationally accepted standards and regulations such as GDPR, ISO, NIST, PCI, and HIPAA to create a comprehensive set of baseline security and privacy controls.

Europe

C5: C5 (Cloud Computing Compliance Controls Catalogue) is the “cloud computing IT-Security” standard in Germany. Designed and released by the BSI in February 2016, the C5 control set offers additional assurance to customers in Germany as they move their complex and regulated workloads to Cloud Computing Service providers such as AWS.

ENS High: AWS is Esquema Nacional de Seguridad (ENS) High certified. This certification establishes security standards that apply to all government agencies and public organizations in Spain, and to the service providers on which the public services depend.

FINMA: The International Standard on Assurance Engagements (ISAE) 3000 is a standard which is applied for audits of internal controls, sustainability, and compliance with laws and regulations, and completion of the ISAE 3000 Type 2 Report verifies that AWS’s control environment is appropriately designed and implemented to align with certain Swiss Financial Market Supervisory Authority (FINMA) requirements applicable to regulated financial services customers.

“Banyan meets the security requirements set by the Financial Market Supervisory Authority in Switzerland”

PiTuKri: AWS has completed the PiTuKri ISAE 3000 Type 2 Report. The International Standard on Assurance Engagements (ISAE) 3000 is a standard which is applied for audits of internal controls, sustainability, and compliance with laws and regulations. AWS’s alignment with PiTuKri requirements demonstrates our continuous commitment to meeting the heightened expectations for cloud service providers set by the Finnish Transport and Communications Agency, Traficom.

Asia Pacific

IRAP: The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to government.

ISMAP: The Information System Security Management and Assessment Program (ISMAP) is a Japanese government program for assessing the security of public cloud services. The aim of ISMAP is to enable a common set of security standards for the Cloud Service Provider (CSP) to comply with as baseline requirements for government procurement.

K-ISMS: AWS is the first global cloud service provider to achieve the Korea-Information Security Management System (K-ISMS) certification. This certification helps enterprises and organisations across Korea to meet compliance requirements more effectively, and accelerate business transformation.

MTCS: The Multi-Tier Cloud Security (MTCS) is an operational Singapore security management Standard (SPRING SS 584), based on ISO 27001/02 Information Security Management System (ISMS) standards.

OSPAR: AWS’ alignment with the Association of Banks in Singapore (ABS) Guidelines on Control Objectives and Procedures for Outsourced Service Providers (ABS Guidelines) demonstrates to customers AWS’ commitment to meeting the high expectations for cloud service providers set by the financial services industry in Singapore.

“Banyan meets the security requirements set by the financial services industry in Singapore”

Global Frameworks

GSMA: AWS Europe (Paris) and US East (Ohio) Regions are now certified by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Center Operations and Management (DCOM).

PCI: The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

SOC: AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives.

Contact us to discuss your personal data and content protection needs and cyber security requirements.