This platform is hosted on Amazon Web Services (AWS) (external link), a cloud hosting service offered by Amazon.com. Specifically, it is hosted in a data center run by Amazon.com in Mumbai, India. Amazon.com has intense focus on infrastructure and procedural security for software applications hosted on AWS. This enables the platform to benefit from AWS's continued focus and innovations in cloud security and related areas.
Amazon.com maintains up-to-date help centers dedicated to Security (external link) and Compliance (external link). Greater insight into AWS security related policies and procedures for physical infrastructure can be obtained by following these links.
Key aspects of infrastructure security on AWS are listed below.
High availability and resilience
All AWS data centers comply with Tier III+ guidelines published by the Uptime Institute (external link), meaning each data center has been designed for and is operated at high availability and resilience.
Source: AWS Compliance Portal (external link)
Standards compliance
AWS data centers comply with many global and local compliance standards, including, but not limited to:
- Global standards
- CSA - Cloud Security Alliance controls
- ISO 9001 - quality
- ISO 27001 - security management controls
- ISO 27017 - cloud-specific controls
- ISO 27018 - person data protection
- United States
- FIPS - data security
- NIST - national standards
Source: AWS Compliance Portal (external link)
Independent assessment and attestation
AWS infrastructure is regularly assessed, audited and certified by competent, globally recognized third parties. The AWS Compliance Portal provides links to certificates obtained from third-party auditors for each of the compliance programs the infrastructure complies with.
Sample 1: ISO 9001:2015 certification (external link)
Sample 2: ISO 27001:2013 certification (external link)