LOVIS provides the access to LOVIS EOS system and usage service through the Amazon Web Services (AWS) datacentre. AWS Information Technology Infrastructure is designed and managed according to best practices and security standards. The following is a partial list of security programs and certificates that AWS complies with:
- ISO 9001, ISO 27001, ISO 27017
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls in accordance with ISO 27002 best practices guidance. The basis of this certification is the development and implementation of a strict security program, including the development and implementation of an Information Security Management System (ISMS) that defines how AWS perpetually manages in a holistic, comprehensive manner.
This widely-recognized international security standard specifies that AWS do the following:
- We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
- We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
- We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.