SOC 2 Management For AWS

Configure, Monitor, and Maintain SOC 2 Security Controls In Amazon Web Services

Managing SOC 2 Compliance In AWS

SOC 2 is a compliance framework, developed by the American Institute of CPAs (AICPA), that defines criteria for managing client data. Enterprise organizations, especially those in regulated industries that use cloud service providers or third-party vendor solutions, treat SOC 2 as a minimum requirement for working with SaaS solutions and outside vendors.

Under the AWS cloud shared responsibility model, AWS is responsible for many of the physical compliance safeguards, but it is up to the cloud customer to implement administrative and technical controls, build security controls around the five SOC 2 “trust service principles”, and work to achieve SOC 2 Type II Certification.


ComplyOps: SOC 2 Compliance Management

Custom Compliance Policies

SOC 2 requires that organizations set security policies and address safeguards including managing availability, creating data security controls, and managing incident response. Dash enables teams to generate custom compliance policies based on your organization’s needs, structure, and technologies. Policies are designed around Amazon Web Services and customized to streamline SOC 2 Type I and SOC 2 Type II reports.





SOC 2 Technical Security Controls

Dash establishes a set of SOC 2 technical controls based on your organization’s established policies and procedures. Security controls are built around individual AWS cloud services, security best practices, and SOC 2 data security standards. Organizations can use Dash “click-to-fix” remediations to resolve compliance issues with one click and maintain technical security standards.





Continuous Compliance Monitoring

Dash continuously monitors your AWS accounts for SOC 2 compliance issues. Dash detects compliance concerns in your cloud environment such as unencrypted EBS volumes, audit logging issues and S3 buckets that are open to the public, alerts your team, and provides steps for resolving issues before they become full-blown violations.


Address SOC 2 Trust Service Principles In AWS

Dash enables teams to build and implement compliance controls around SOC 2 “trust service principles” and streamline the process for preparing for SOC 2 certification.

Security

The Security principle refers to how system resources are protected against unauthorized access. This principle includes implementing necessary access controls, network firewalls, and intrusion detection systems (IDS).

Availability

The Availability principle refers to the accessibility and availability of systems and core services within the organization, as well as contract and service level agreement (SLA) standards. This principle includes standards around building highly available systems, addressing service failover, resource monitoring, and contingency plans.

Processing Integrity

The Processing Integrity principle refers to the ability of systems to deliver accurate data. Data processing must be accurate, timely, and authenticated. For organizations this includes managing data integrity and setting quality assurance processes for managing data.

Confidentiality

The Confidentiality principle refers to the access and disclosure of data to authorized parties. This includes implementing standards around access control, user roles, network firewalls, and transmission encryption.

Privacy

The Privacy principle refers to the system's collection, use, and retention of personal information in relation to the organization’s privacy policies. Security controls must be implemented to protect personally identifiable information (PII).

Manage SOC 2 Compliance in AWS

Prepare For SOC 2 Audit In AWS


Dash enables teams to plan and implement compliance safeguards and security controls, including the following:

Data Protection and Privacy

Dash security policies dictate user roles, responsibilities, processes, and management of personally identifiable data and system access.

Availability and Contingency Planning

Dash provides policies around cloud service availability, backup and disaster recovery (DR), to ensure that production services and data are always accessible.

Regulatory Compliance

Dash procedures and processes enable teams to manage and monitor regulatory compliance, and mitigate regulatory compliance risk.

Continuous Security Monitoring

Dash Continuous Compliance Monitoring ensures that cloud resources have secure configurations and alerts teams to compliance vulnerabilities.

Identity Management and Access Control

Dash security controls, together with AWS Identity and Access Management (IAM), restrict system access to only authorized users, roles, and applications. Service access is restricted to avoid unauthorized access.

Data Integrity

Dash confirms that AWS services are configured with proper protections including networking, encryption, and backup. Safeguards are implemented to protect the confidentiality, integrity, and availability of information.


AWS Focused Compliance Solution

Dash enables organizations to build a robust security plan and security controls for Amazon Web Services.


AMI Deployed

Dash is deployed into your AWS Cloud account and allows teams to manage cloud services.

Utilize 100+ Cloud Services

Dash can be used alongside the hundreds of AWS cloud services to rapidly build, manage, and get to market.
