When Claude Platform on AWS enters your environment, it enters your audit scope. Frameworks like SOC 2 (a widely used attestation of a service organization's controls) and ISO 27001 (the international information-security management standard) don't name AI services specifically — they ask generic questions about access control, logging, change management, and vendor management. The good news: because this platform's control surface is AWS IAM and CloudTrail, the evidence patterns you already use for other AWS services extend to it. This article maps the pieces; your compliance team and auditor decide how they satisfy your specific control set.
Know who processes what
Start the vendor-management file with the facts of the arrangement. Claude Platform on AWS is Anthropic-operated: Anthropic is the data processor for inference inputs and outputs, while AWS handles authentication, IAM, and Marketplace billing — and data may route to Anthropic's primary cloud rather than residing in AWS. It follows the same data retention policy as the first-party Claude API, with Zero Data Retention available on request through an Anthropic account representative. Anthropic states it has obtained SOC 2 Type I and Type II, ISO 27001:2022, and ISO/IEC 42001:2023 for its commercial products, with reports available through its Trust Center — request the current reports rather than citing this page. Two hard boundaries to record: Anthropic's HIPAA-ready program is not available on Claude Platform on AWS, and Anthropic's docs direct organizations needing FedRAMP High, IL4/IL5, HIPAA readiness, or AWS as sole data processor to Claude in Amazon Bedrock instead. As always, your deployment inherits your providers' compliance postures — confirm specifics with your providers and your own assessors.
Logging: CloudTrail, with one paid checkbox
Audit-logging controls need a tamper-resistant record of administrative and data activity. On this platform, CloudTrail coverage splits in two. Workspace, vault, and webhook actions are management events — logged by default, precisely because vaults and webhooks hold secrets. Inference, batch, model, file, skill, and the remaining Managed Agents actions are data events, logged only if you explicitly enable (paid) data event logging. For a workload in audit scope, enable it — "we log administrative changes but not model invocations" is a finding waiting to happen. Every response also carries an AWS request ID (x-amzn-requestid, indexed in CloudTrail) that ties your application logs to the CloudTrail record.
Access control: IAM policies as the control, reviews as the evidence
Access-control questions ("access restricted to authorized users, least privilege, periodically reviewed") map onto the platform's 65 IAM actions and workspace ARNs. Patterns that review well: least-privilege inference policies scoped to a single workspace ARN; separation of duties via the documented provisioning pattern (a CI/CD role that manages workspaces but holds no inference permissions); and explicit deny statements for data-minimization commitments (denying CreateBatchInference and CreateFile keeps stateful artifacts out of a ZDR-sensitive workspace). Flag the sharp edges in your review procedure: the managed AnthropicInferenceAccess policy's Get*/List* wildcards read all workspace content; suffix wildcards over-match (*File also catches UserProfile actions); and "no delete" intents need care — agents support only archive, and Delete* deny patterns block neither ArchiveAgent nor version deletion via UpdateSkill. Because workspace member management doesn't exist on this platform, your quarterly access review is an IAM review: who can assume which roles touching which workspace ARNs.
The evidence table
| Audit question | Platform mechanism | Evidence artifact |
|---|---|---|
| Who can invoke the model? | IAM policies on workspace ARNs (CreateInference) | Policy documents in version control; access-review records |
| Is activity logged and reviewable? | CloudTrail management + enabled data events | Trail configuration; sample event queries |
| Are environments segregated? | Workspace per environment; region-bound workspaces | Workspace inventory; per-workspace IAM policies |
| Are changes controlled? | IAM and prompts managed as code | Pull-request history; pipeline approval records |
| Is the vendor assessed? | Anthropic Trust Center reports; AWS agreements | Current SOC 2 / ISO reports; DPA and marketplace terms |
| Is data handling defined? | Retention policy; ZDR arrangement; inference_geo controls | Contract terms; workspace geo configuration |
Where to go next
The access-control half of this story is expanded in workspace isolation and IAM policy templates; the logging half in CloudTrail logging. For data-handling terms across all four platforms, see the enterprise checklist.