Gaining and maintaining consumer trust can be an ongoing dedication at Amazon Web Services (AWS). Our customers’ market security requirements travel the scope and portfolio of compliance reviews, attestations, and certifications we go after. Following through to our announcement in November 2020 of the new EU (Zurich) Area, AWS is very happy to announce the issuance of the Swiss Economic Marketplace Supervisory Authority (FINMA) ISAE 3000 Type 2 attestation report.

The FINMA ISAE 3000 Type 2 report, conducted by an unbiased third-party audit firm, provides Swiss financial industry customers with the assurance that the AWS control environment is appropriately designed and implemented to handle key operational risks, along with risks linked to outsourcing and business continuity administration. Additionally, the document provides customers with essential help with complementary user entity controls (CUECs), which customers should think about implementing within the shared responsibility model to greatly help them adhere to FINMA’s control objectives. The time is included in the report from 4/1/2020 to 9/30/2020, with a complete of 124 AWS services and 22 worldwide Regions contained in the scope. A complete set of certified Regions and services are presented within the published FINMA report.

The report covers the five core FINMA circulars which are applicable to Swiss banks and insurers in the context of outsourcing arrangements to the cloud. These FINMA circulars are designed to assist regulated finance institutions in understanding methods to homework, third-party management, and essential organizational and technical handles that should be applied in cloud outsourcing plans, for material workloads particularly. The report’s scope covers, at length, the requirements of the next FINMA circulars:

• 2018/03 “Outsourcing – banking institutions and insurers” (31.10.2019);
• 2008/21 “Operational Risks – Banks” – Principle 4 Technologies Infrastructure (31.10.2019);
• 2008/21 “Operational Risks – Banks” – Appendix 3 Handling of electronic Customer Identifying Information (31.10.2019);
• 2013/03 “Auditing” (04.11.2020) – IT (21.04.2020);
• Business Continuity Administration (BCM) minimum specifications proposed by the Swiss Insurance policy Association (01.06.2015) and Swiss Bankers Association (29.08.2013);

The alignment of AWS with FINMA requirements demonstrates our continuous commitment to meeting the heightened expectations for cloud providers set by Swiss financial services regulators and customers. Customers may use the FINMA are accountable to conduct their homework, which may minimize the expenses and effort necessary for compliance. The FINMA statement for AWS is currently available cost-free to AWS clients within the AWS Artifact. More info on how best to download the FINMA record can be acquired here.

Some useful resources linked to FINMA:

As constantly, AWS is focused on bringing new services in to the scope of our FINMA plan in the future predicated on clients’ architectural and regulatory requirements. Please get in touch with your AWS account group for those who have questions concerning the FINMA report.

For those who have feedback concerning this post, submit remarks in the Comments section below.

Want a lot more AWS Security how-to articles, news, and show announcements? Stick to us on Twitter.