Annex 3 - Technical and organizational measures
Confidentiality Protection
AWS Inc. fulfills the following certifications (SOC1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC2, SOC3, FISMA, DoD SRG, PCI DSS Level 1, ISO 9001 / ISO 27001, ITAR, FIPS 140-2, MCTS Tier3) and implements AWS Inc. the requirements catalog Cloud Computing (C5) of the Federal Office for Information Security.
Access
Unauthorized persons must be denied access to data processing systems.
Office level
– Alarm system
– Security locks
– Key regulation
Application level (including AWS)