VMware Cloud on AWS

VMware Cloud on AWS – Unlocking Cloud Compliance Globally – Part 2

We are extremely delighted to bring you the part-2 of the VMware Cloud on AWS compliance blog. In our previous blog  Unlocking Cloud Compliance Globally, we focused on compliance certifications and white papers delivered during 2020-21, since then we have added a range of new compliance certifications and white papers across APJ, EMEA and US and successfully renewed our existing compliance certifications such as ISO 27001/17/18, SOC2 and PCI-DSS.

At VMware we believe in offering best in class product offerings without compromising on security and availability. Our compliance solutions address wide range of customers in Government, Financial services and Healthcare industries, meeting some of the toughest security compliance mandates. For full list of compliance offerings visit Trust Center (vmware.com)

Global Compliance Offerings

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that mandates requirements to protect sensitive patient health required the creation of national standards for the security and privacy of Protected Health Information (PHI). VMware Cloud on AWS has successfully completed the HIPAA external assessment. For a copy of the HIPAA report, please reach out to your account manager.

Asia Pacific and Japan Compliance Offerings

VMware has added new compliance certifications and white papers to its existing portfolio of APJ compliance offerings.

Australia –  IRAP Cloud Security Assessment: VMware Cloud on AWS has successfully completed the IRAP cloud security assessment. The IRAP Cloud Security Assessment demonstrates our compliance against the Australian Information Security Manual (ISM) and Protective Security Policy Framework (PSPF) and shows VMware Cloud on AWS’ suitability to handle Australian Government data. VMware engaged Foresight Inc, a registered IRAP assessor to evaluate the service at PROTECTED level. VMware is committed to supporting government IT organizations worldwide and continues to expand our compliance programs to meet the most demanding security and compliance requirements. The IRAP Cloud Security Assessment enhances our capability to support Australian Government customers through their cloud migration journey, expand digital capabilities and accelerate service delivery with stringent governance and control. For a copy of the IRAP Cloud Security Assessment report, please contact your account manager.    
Japan – Information system Security Management and Assessment Program (ISMAP): ISMAP is a system to evaluate and register cloud services that meet the security requirements of the Japanese government in advance.  VMware Cloud on AWS has completed the Japan ISMAP assessment and submitted the results to the Japanese Information Technology Promotion Agency (IPA) for evaluation. ISMAP aims to ensure the security level of government cloud service procurement by evaluating and registering cloud services that meet the government’s security requirements in advance, thereby contributing to the smooth introduction of cloud services.
Singapore – Outsourced Service Provider Audit Report (OSPAR): In Singapore, the Association of Banks (ABS) have established a set of guidelines and control procedures that outsourced service providers should meet when servicing a financial institution based in Singapore. These are called Outsourced Service Providers Audit Report (OSPAR) guidelines. VMware Cloud on AWS has undergone a rigorous external audit and successfully completed the OSPAR attestation. Customers wishing to migrate workloads to VMware Cloud on AWS can use our OSPAR report to evaluate VMware Cloud on AWS’ controls and processes and assess how we address the relevant security and compliance risks and support customers in seamlessly migrating workloads to cloud. For a copy of the OSPAR report please contact your account manager.  
Japan – FISC (The Center for Financial Industry Information Systems) White paper: The FISC Guidelines for Computer Systems for Financial Services” are set of information security guidelines for financial institutions in Japan. Our white paper on FISC demonstrates how VMware Cloud on AWS helps financial institutions address the requirements in these guidelines.

EMEA Compliance Offerings

Germany – C5 White paper: The Cloud Computing Compliance Controls Catalogue is a set of cloud security guidelines prescribed by the German Federal Office of Information Security (BSI). C5 is based on some of the leading international standards such as ISO27001/17/18, AICPA SOC2, Cloud Security Alliance ANSSI Référentiel Secure Cloud 2.0, IDW and BSI IT-Grundschutz Catalogues. While VMware is yet to undergo the C5 certification, we have published a white paper on C5 demonstrates how we address the control requirements in C5 through our existing compliance offerings.
Germany – BaFIN Cloud Outsourcing Guidelines White paper: The German federal financial supervisory authority – Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) released guidance in November 2018 for regulated financial entities on outsourcing to cloud service providers. VMware Cloud on AWS BaFin white paper describes how we address the contractual requirements prescribed in the BaFIN guidelines. See white paper at vmware-cloud-on-aws-germany-bafin-cloud-outsourcing-guidelines-whitepaper.pdf

If you would like to learn more about VMware Cloud on AWS, here are some learning resources for you: