Pinakes

— Banking association CCI - Third Party Qualification

Overview

HAQM Web Services (AWS) is a Pinakes-qualified cloud provider.

The Spanish banking association Centro de Cooperación Interbancaria (CCI) developed Pinakes, a rating framework intended to manage and monitor the cybersecurity controls of service providers that Spanish financial entities are dependent on.
Pinakes allows its participants to understand the cybersecurity levels of the providers they contract with. It also facilitates due diligence and compliance with related requirements arising from the European Banking Authority Guidelines (EBA/GL/2019/02).

FAQs

How can I access AWS’ Pinakes report?

The full evaluation report will be published on AWS Artifact. Pinakes participants who are AWS customers can contact their AWS account manager to request access to it.

Which AWS services are covered by the Pinakes qualification?

The AWS services that are in scope for Pinakes can be found on the AWS Services in Scope by Compliance Program page. If you would like to learn more about using these services and/or have interest in other services please contact us.

Which AWS Regions are covered by the Pinakes qualification?

The Pinakes assessment covers 31 AWS Regions worldwide, including the Europe (Spain) Region. The detailed AWS Regions list is available in the report.

How does Pinakes validate AWS controls?

AWS engaged an independent auditing firm that is qualified to perform a Pinakes assessment. The Pinakes framework currently contains 1,315 requirements under 14 domains in its version 1.0:

Information Security Management Program
Facility Security
Third Party Management
Normative Compliance
Network Controls
Access Control
Incident Management
Encryption
Secure Development
Monitoring
Malware Protection
Resilience
Systems Operation
Staff Safety

Each requirement is linked to a different security level, rated from the highest “A+” (outstanding) to the lowest “D” (basic). AWS provided demonstrated evidence for more than 1,000 controls including strength, coverage, and timeliness assertions through a detailed assessment.

How often is AWS Pinakes assessment updated?

AWS’ Pinakes assessment and evidence validation are updated annually.

Pinakes

— Banking association CCI - Third Party Qualification

Overview

HAQM Web Services (AWS) is a Pinakes-qualified cloud provider.

The Spanish banking association Centro de Cooperación Interbancaria (CCI) developed Pinakes, a rating framework intended to manage and monitor the cybersecurity controls of service providers that Spanish financial entities are dependent on.
Pinakes allows its participants to understand the cybersecurity levels of the providers they contract with. It also facilitates due diligence and compliance with related requirements arising from the European Banking Authority Guidelines (EBA/GL/2019/02).

FAQs

How can I access AWS’ Pinakes report?

The full evaluation report will be published on AWS Artifact. Pinakes participants who are AWS customers can contact their AWS account manager to request access to it.
Which AWS services are covered by the Pinakes qualification?

The AWS services that are in scope for Pinakes can be found on the AWS Services in Scope by Compliance Program page. If you would like to learn more about using these services and/or have interest in other services please contact us.
Which AWS Regions are covered by the Pinakes qualification?

The Pinakes assessment covers 31 AWS Regions worldwide, including the Europe (Spain) Region. The detailed AWS Regions list is available in the report.
How does Pinakes validate AWS controls?
AWS engaged an independent auditing firm that is qualified to perform a Pinakes assessment. The Pinakes framework currently contains 1,315 requirements under 14 domains in its version 1.0:
- Information Security Management Program
- Facility Security
- Third Party Management
- Normative Compliance
- Network Controls
- Access Control
- Incident Management
- Encryption
- Secure Development
- Monitoring
- Malware Protection
- Resilience
- Systems Operation
- Staff Safety
Each requirement is linked to a different security level, rated from the highest “A+” (outstanding) to the lowest “D” (basic). AWS provided demonstrated evidence for more than 1,000 controls including strength, coverage, and timeliness assertions through a detailed assessment.
How often is AWS Pinakes assessment updated?

AWS’ Pinakes assessment and evidence validation are updated annually.

Have Questions? Connect with an AWS Business Representative

Exploring compliance roles?

Apply today »

Want AWS Compliance updates?

Pinakes

— Banking association CCI - Third Party Qualification

Overview

FAQs

How can I access AWS’ Pinakes report?

Which AWS services are covered by the Pinakes qualification?

Which AWS Regions are covered by the Pinakes qualification?

How does Pinakes validate AWS controls?

How often is AWS Pinakes assessment updated?

Pinakes

Overview

FAQs

How can I access AWS’ Pinakes report?

Which AWS services are covered by the Pinakes qualification?

Which AWS Regions are covered by the Pinakes qualification?

How does Pinakes validate AWS controls?

How often is AWS Pinakes assessment updated?

Ending Support for Internet Explorer