AWS Bedrock Compliance Guide
Building on AWS Bedrock? We've mapped ISO 42001 and EU AI Act controls directly to AWS native security services to accelerate your audit readiness.
Native Control Mapping
AWS PrivateLink & VPC Endpoints
Ensures model traffic never traverses the public internet.
Amazon Bedrock Guardrails
Configure custom filters for PII, hate speech, and hallucinations.
AWS KMS (Key Management Service)
Use customer-managed keys (CMK) for model inputs and outputs.
AWS CloudTrail & CloudWatch
Capture every API invocation and administrative change.
Shared Responsibility Model for AI
As with standard cloud security, AI compliance is a shared responsibility. AWS secures the foundational models and infrastructure, but you are responsible for:
Prompt Engineering Security
Protecting against prompt injection and jailbreaking.
Training Data Governance
Ensuring data used for fine-tuning is clean and legally compliant.
Kevin A
Principal Security & GRC Engineer
Kevin is a security engineer turned GRC specialist. He focuses on mapping cloud-native infrastructure (AWS/Azure/GCP) to modern compliance frameworks, ensuring that security controls are both robust and auditor-ready without slowing down development cycles.
