Identify security and regulatory requirements
It is essential to identify the regulations you need to comply with in your organization and to understand clearly what each regulation expects in terms of security controls to implement.
Keep in mind that even if AWS is certified, you may require a certification of your cloud loads, auditors can rely on documents found in AWS Artifact to verify compliance with security controls related to security OF the cloud.
In our Compliance Center you can find information for each country:
https://aws.amazon.com/financial-services/security-compliance/compliance-center
AWS Risk and Compliance Whitepaper
(includes auditor FAQs):
https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf
See also
See also the following related recommendation on the maturity model:
Create your reports for compliance (such as PCI-DSS)