skip to content

IT Help and Support

University Information Services
 

AWS uses a shared responsibility model for security and compliance. Broadly, in this AWS is responsible for securing the underlying infrastructure used to deliver its cloud services while you retain responsiblity for any data that your store within your AWS Organization. However, additionally you do continue to be responsible for some elements of security and compliance when using services covered the AWS framework agreement.

The division of responsibilities for security and compliance vary between different services offered under the AWS framework agreement. You must ensure that you are aware of the elements for which you retain responsibility on a per service basis. This is normally outlined in the service description.

 

Consequently when taking any service under the AWS framework agreement you must be aware of the following:

  • AWS is responsible for securing the underlying infrastructure used to deliver its services. However, you may remain responsible for configuration settings relating to patches and maintenance. For example, in some services you may need to configure the periodicity and timings of when software updates are applied and any backups are scheduled.
  • AWS provides security and compliance information through AWS Artifact. You can use this to view Service Organization Control Reports, Payment Card Industry (PCI) Reports and check any certifications that apply to the AWS security controls in use on your AWS Organization account.

  • You can adjust the configuration settings for any service in the AWS console. Such adjustments may affect the security settings applied to your data and other arrangements relating to compliance. Training and support to assist you in developing expertise in how best to configure AWS for your needs is available.
  • The AWS General Data Protection Regulation (GDPR) Centre provides comprehensive information about how different AWS services comply with GDPR. The AWS Data Processing Addendum is incorporated into the AWS service terms.
  • You remain responsible for any data that you tranfer, process or store within AWS and the University continues to be the Data Controller for any such data. Consequently you must ensure that you have analysed the security and any data protection requirements for each of your AWS use cases and that these are appropriate for the data you intend to transfer to AWS.

If you are considering transferring, processing or storing any health data, including anonymised health data, in AWS you must consult in the Clinical School before any data transfers are made.

The University's AWS contractual terms specifically exclude AWS from any liability as a result of data loss.

UIS Service Desk

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

MCS Linux service deprecated

17 August 2022

We have deprecated the MCS Linux service because of technical and resource constraints. At its peak, MCS Linux accounted for only 2% of MCS machines deployed, and use of this service has declined steadily in recent years. Unfortunately, we have had to remove the Linux part of the service because of unforeseen technical...

New cloud research platform service from UIS

15 August 2022

Amazon Web Services (AWS) and RONIN available via UIS UIS is pleased to announce that access to Amazon Web Services (AWS) and RONIN are now available through a new University-provided cloud research platform service. If you would like to join the increasing number of Cloud users and to save around 11% on list prices for...

Change in recommended VPN client for Android users

11 August 2022

We have updated our recommendations for Android users of the UIS VPN and managed VPN services. We no longer recommend Android’s built-in VPN client because setting it up is complicated, which can lead to insecure configurations. Instead, we recommend the strongSwan client to Android users. It’s available free of charge...