We do not claim external certifications. We monitor:
- AWS Foundational Security Best Practices
- CIS AWS Foundations Benchmark v1.2.0 (Security Hub CSPM)
- Monthly review of findings with owners and due dates
- Evidence stored in our internal tracker
- When we adopt a formal standard, we will use AWS Audit Manager