Identify security and regulatory requirements

It is essential to identify the regulations you need to comply with in your organization and to understand clearly what each regulation expects in terms of security controls to implement.

Keep in mind that even if AWS is certified, you may require a certification of your cloud loads, auditors can rely on documents found in AWS Artifact to verify compliance with security controls related to security OF the cloud.

In our Compliance Center you can find information for each country:

Identifying Required Regulations

AWS Risk and Compliance Whitepaper

(includes auditor FAQs):

See also

See also the following related recommendation on the maturity model:
Create your reports for compliance (such as PCI-DSS)