Outsourced Service Provider’s Audit Report (OSPAR)

Overview

Amazon Web Services (AWS) achieved the Outsourced Service Provider’s Audit Report (OSPAR) attestation. AWS’ alignment with the Association of Banks in Singapore (ABS) Guidelines on Control Objectives and Procedures for Outsourced Service Providers (ABS Guidelines) demonstrates to customers AWS’ commitment to meeting the high expectations for cloud service providers set by the financial services industry in Singapore.

The ABS Guidelines recommend that Singapore banks select outsourced service providers that meet the controls set out in the ABS Guidelines, which can be demonstrated through an OSPAR. An OSPAR attestation involves an external audit of the service provider’s controls against the criteria specified in the ABS Guidelines.

The AWS services that are in scope of the OSPAR attestation can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have an interest in other services please contact us.

• What is OSPAR?

  The ABS Outsourcing Guidelines provide that Singapore banks’ outsourced service providers (“OSPs”) who provide material outsourced services and/or have access to the financial institution clients’ information should engage an external auditor to issue an OSPAR. Issuance of an OSPAR involves an external audit of the OSPs’ controls against the criteria specified in the ABS Outsourcing Guidelines.

• Which services are covered by the OSPAR attestation?

  The AWS services that are in scope of the OSPAR attestation can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have an interest in other services please contact us.
  

• What does this mean to me as a customer?

  The ABS Guidelines provide a minimum standard of controls and procedures expected by the financial industry in Singapore. Compliance with these guidelines, as demonstrated by the successful completion of OSPAR, provides AWS customers with the assurance that AWS meets these high standards.
  

• Can I get a copy of the OSPAR audit report?

  Yes. The audit report can be downloaded on AWS Artifact.  

• Who performs the service control audit of AWS?

  An independent third-party auditor from the ABS list of approved auditors performs the audit for AWS’ OSPAR. 

• How long is the OSPAR valid?

  The OSPAR is valid for 12 months from the date of issue.
  

• Which regions are covered by the OSPAR attestation?

  The OSPAR covers the Asia Pacific (Singapore) Region.
  

• Where can I find more information about the ABS Guidelines and OSPAR?

  For more information, see the ABS Guidelines for Outsourced Services Providers page.