skip to content

IT Help and Support

University Information Services
 

AWS uses a shared responsibility model for security and compliance. Broadly, in this AWS is responsible for securing the underlying infrastructure used to deliver its cloud services while you retain responsiblity for any data that your store within your AWS Organization. However, additionally you do continue to be responsible for some elements of security and compliance when using services covered the AWS framework agreement.

The division of responsibilities for security and compliance vary between different services offered under the AWS framework agreement. You must ensure that you are aware of the elements for which you retain responsibility on a per service basis. This is normally outlined in the service description.

 

Consequently when taking any service under the AWS framework agreement you must be aware of the following:

  • AWS is responsible for securing the underlying infrastructure used to deliver its services. However, you may remain responsible for configuration settings relating to patches and maintenance. For example, in some services you may need to configure the periodicity and timings of when software updates are applied and any backups are scheduled.
  • AWS provides security and compliance information through AWS Artifact. You can use this to view Service Organization Control Reports, Payment Card Industry (PCI) Reports and check any certifications that apply to the AWS security controls in use on your AWS Organization account.

  • You can adjust the configuration settings for any service in the AWS console. Such adjustments may affect the security settings applied to your data and other arrangements relating to compliance. Training and support to assist you in developing expertise in how best to configure AWS for your needs is available.
  • The AWS General Data Protection Regulation (GDPR) Centre provides comprehensive information about how different AWS services comply with GDPR. The AWS Data Processing Addendum is incorporated into the AWS service terms.
  • You remain responsible for any data that you tranfer, process or store within AWS and the University continues to be the Data Controller for any such data. Consequently you must ensure that you have analysed the security and any data protection requirements for each of your AWS use cases and that these are appropriate for the data you intend to transfer to AWS.

If you are considering transferring, processing or storing any health data, including anonymised health data, in AWS you must consult in the Clinical School before any data transfers are made.

The University's AWS contractual terms specifically exclude AWS from any liability as a result of data loss.

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

University Wireless Service maintenance: Tuesday 21 September, 08:00–09:00

16 September 2021

The University Wireless Service will be undergoing essential maintenance between 08:00 and 09.00 on Tuesday 21 September while we apply a security software patch. This is a security update to ClearPass, which provides Wireless Service network access control. We're not expecting any disruption to service, but it should be...

Mailing list migrations from Mailman to Sympa

31 August 2021

We intend to migrate all remaining lists associated with colleges from Mailman to Sympa during the week commencing 13 September 2020. The current total is 1,567. How this will affect users of the mailing list management service Most mailing list subscribers shouldn't notice any difference. During the switchover, there will...

Managed Zone Service closedown and migration to Mythic Beasts

24 August 2021

The Managed Zone Service (MZS) is being shut down, and its data content migrated to a commercial provider, Mythic Beasts. There will be no interruption to the service, but MZS users in institutions will need to make arrangements to retain management access to their zones. What is changing? UIS set up the MZS many years ago...