PiTuKri ISAE 3000 Type II Report

Overview

Amazon Web Services (AWS) has completed the PiTuKri ISAE 3000 Type 2 Report. The International Standard on Assurance Engagements (ISAE) 3000 is a standard which is applied for audits of internal controls, sustainability, and compliance with laws and regulations, and completion of the ISAE 3000 Type 2 Report verifies that AWS’s control environment is appropriately designed and implemented to align with Criteria for Assessing the Information Security of Cloud Services (PiTuKri) requirements. AWS’s alignment with PiTuKri requirements demonstrates our continuous commitment to meeting the heightened expectations for cloud service providers set by Finnish Transport and Communications Agency, Traficom.

The PiTuKri ISAE 3000 Type 2 Report, conducted by an independent third party audit firm, provides Finnish customers with the assurance that AWS’s control environment is appropriately designed and operating effectively to address security requirements expected from cloud service providers. Additionally, the report provides customers with important guidance on complementary user entity controls (CUECs), which they should consider implementing as part of AWS’s Shared Responsibility Model to help them comply with PiTuKri requirements. Customers can use the AWS’ PiTuKri ISAE 3000 report as a tool to conduct their due diligence on AWS, which may minimize the effort and costs required for compliance.

Finland flag

FAQs

Criteria for Assessing the Information Security of Cloud Services (PiTuKri) is a guidance document published by Traficom’s Cyber Security Centre for assessing the security of cloud computing services.

The AWS services that are in scope of the PiTuKri attestation report can be found within AWS Services in Scope by Compliance Program.

The PiTuKri ISAE 3000 Type 2 Report, conducted by an independent third party audit firm, provides Finnish customers with the assurance that AWS’s control environment is appropriately designed and operating effectively to address security requirements expected from cloud service providers. Additionally, the report provides customers with important guidance on complementary user entity controls (CUECs), which they should consider implementing as part of AWS’s Shared Responsibility Model to help them comply with PiTuKri requirements. Customers can use the AWS’ PiTuKri ISAE 3000 report as a tool to conduct their due diligence on AWS, which may minimize the effort and costs required for compliance.

Yes. The audit report can be downloaded via AWS Artifact.

PiTuKri is designed to meet Finland’s national needs, the criteria are intended for use by customers to assess the security of cloud services. AWS takes compliance seriously and offers tools such as this ISAE3000 report for our Finnish customers to assess AWS against the PiTuKri requirements.
Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »