Datica on AWS

Datica is your partner on top of AWS. Using AWS's industry-leading infrastructure-as-a-service platform, Datica provides unparalleled compliance and risk management in the cloud.

How Shared Responsibility Works

Information security and compliance are always a shared responsibility among many partners. When you work with Datica, we share the responsibility for compliance and data protection with you. The same applies to our relationship with AWS: our Business Associate Agreement (BAA) with AWS defines the lines of risk between the two companies, just as the BAA you sign with us defines them between Datica and you. See the diagram below for a picture of where each party's responsibilities lie.

Explaining Shared Responsibility

Essentially, AWS takes on the risk of securing the physical infrastructure. They ensure no one can walk into a datacenter and out the door with a server containing PHI. This is a key responsibility in the shared model. On its own, however, it gets you very little in the way of HIPAA compliance.


Compliance is multi-faceted, with many layers of responsibility. Without Datica, you are responsible for the entirety of compliance, from the cloud infrastructure layer to the application layer and beyond.

The only reason you would want to take this on is if you consider compliance a critical value you provide to your end users. In other words, unless you are in the business of supplying compliance, this is not something you want to take on.


Beyond building compliance controls and mappings on top of AWS (as shown above), you are still responsible for the entirety of application-level and administrative compliance.


When you add up all of the compliance responsibilities across the entire spectrum of the cloud, you start to see just how large the task is. No single company should take on even half of it.

In the same way that you rely on AWS to secure the physical infrastructure in its datacenters, you should rely on Datica to deliver the nine-tenths of compliance required for HIPAA, HITRUST, GDPR, and more.

Datica & AWS

By relying on AWS to provide physical infrastructure compliance, and on Datica to provide the rest, you'll be 100% HIPAA compliant at the infrastructure level. You'll still be responsible for the majority of application-level and administrative compliance, but Datica helps there too: our open source policies are completely free to use and have been audited against HIPAA and HITRUST several times.

Datica extends AWS APIs and infrastructure to take advantage of the cloud. AWS ensures the physical security of its datacenters.
The nine-tenths of compliance are handled by Datica. Our platform automates the configuration and management of logging, monitoring, intrusion detection, key management, networking, vulnerability scanning, and much more. We take as much off your plate as possible.

Application Layer

Application security and administrative compliance are left to you. By using Datica's open source policies, you can achieve 100% compliance in a matter of days, not months.