Skip to main content

AWS Cloud Security

Pinakes

— Banking association CCI - Third Party Qualification

Overview

Amazon Web Services (AWS) is a Pinakes-qualified cloud provider.

The Spanish banking association Centro de Cooperación Interbancaria (CCI) developed Pinakes, a rating framework intended to manage and monitor the cybersecurity controls of service providers that Spanish financial entities are dependent on.

Pinakes allows its participants to understand the cybersecurity levels of the providers they contract with. It also facilitates due diligence and compliance with related requirements arising from the European Banking Authority Guidelines (EBA/GL/2019/02).

Missing alt text value

FAQs

The full evaluation report will be published on AWS Artifact. Pinakes participants who are AWS customers can contact their AWS account manager to request access to it

The AWS services that are in scope for Pinakes can be found on the AWS Services in Scope by Compliance Program page. If you would like to learn more about using these services and/or have interest in other services please contact us.

The Pinakes assessment covers 31 AWS Regions worldwide, including the Europe (Spain) Region. The detailed AWS Regions list is available in the report.

AWS engaged an independent auditing firm that is qualified to perform a Pinakes assessment. The Pinakes framework currently contains 1,315 requirements under 14 domains in its version 1.0:

  • Information Security Management Program
  • Facility Security
  • Third Party Management
  • Normative Compliance
  • Network Controls
  • Access Control
  • Incident Management
  • Encryption
  • Secure Development
  • Monitoring
  • Malware Protection
  • Resilience
  • Systems Operation
  • Staff Safety
Each requirement is linked to a different security level, rated from the highest “A+” (outstanding) to the lowest “D” (basic). AWS provided demonstrated evidence for more than 1,000 controls including strength, coverage, and timeliness assertions through a detailed assessment.

AWS’ Pinakes assessment and evidence validation are updated annually.