EUCSEC02-BP01 Identify external stakeholders and their security or regulatory compliance requirements - End User Computing (EUC) Lens

When creating and configuring an end user computing environment, verify that the regulatory requirements for the users of your environment are met. Also consider the broader regulatory frameworks and their associated accessibility requirements, which may be in scope for users with specific accessibility requirements.

Level of risk exposed if this best practice is not established: High

Implementation guidance

Determine internal and external policies that are applicable to your environment. To help identify stakeholders external to the organization, consider the following groups of potential sources of policy:

  • Government

  • Legal (for example, employment law, health and safety regulation, financial regulation, or accessibility)

  • Industry (for example, financial services regulators)

By considering each of these groups, you can assess each potential source of regulatory compliance requirements for relevance to the applications being delivered, as well as to the data they process and visualize.