Healthcare and government: compliance non-negotiable. HIPAA demands encryption, audit trails, Business Associate Agreements. GxP (FDA pharma) requires 21 CFR Part 11 electronic records. FedRAMP demands Impact Levels.
Pro design: KMS encryption all data, Secrets Manager rotation, Backup Vault Compliance Lock (immutable 7+ years), GuardDuty org-wide, AWS CloudHSM for FIPS 140-2, separate compliance account, regular FIS validation.
Core: Audit > Availability. Security > Performance. Cost last.