ISO, CSA, PCI-DSS and SOC Links
Yos Vincenzo
Cybersecurity Lead (Mandiant/Google Cloud Security) at Google | CISSP, CCSP, AWS SAA, Azure SAE, Google ACE, CASP+
Cloud Security Alliance: CSA is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.” There are 3 STAR levels in CSA:
- Level 1 is a self-assessment.
- Level 2 is a rigorous third-party independent assessment of the security of a cloud service provider. The certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix criteria. STAR Level 2 certification validates for cloud customers the use of best practices and the security posture of AWS cloud offerings.
- Level 3 is continuous monitoring.
ISO 9001:2015: outlines a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management within an organization. It covers areas such as the quality management system, management responsibilities, customer satisfaction, and measurement.
ISO/IEC 27001:2013: is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS).
ISO/IEC 27017:2015: provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.
ISO/IEC 27018:2019: code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set.
For you AWS customers, or those thinking of using AWS, below is the link to our ISO certificate:
PCI DSS Level 1: The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
PCI DSS applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
SOC: AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives.