To ask His Majesty's Government what, if any, security vetting is required for Amazon Web Service staff to handle Home Office data under the contract for the supply of cloud computing services agreed between the two on 30 November.
Answered on
20 December 2023
The supplier shall be required to comply with data protection legislation, together with specific confidentiality, data protection and data security obligations to protect Home Office data when required, including physical and logical security restrictions applicable to the supplier’s personnel from accessing and processing the Home Office’s data, in accordance with the AWS Security Standards.
This may include vetting to recognised standards when the specific work requires such clearance. The Home Office use “keys” which ensure its data is fully encrypted at rest and in-transit, such that AWS have no access.