You can now use Amazon Lex for use cases that are subject to Service Organization Control (SOC) compliance. Amazon Lex is SOC 1, 2, and 3 compliant, allowing you to get deep insight into the security processes and controls that protect customer data. AWS maintains SOC compliance through extensive third-party audits of AWS controls. These audits ensure that the appropriate safeguards and procedures are in place to protect against security risks that may affect the confidentiality, integrity, and availability of customer and company data. The results of these third-party audits are made available on the AWS SOC Compliance site, where auditors can view the published reports to get more information about the controls established to support AWS operations and compliance.

from Recent Announcements: https://aws.amazon.com/about-aws/whats-new/2019/11/amazon-lex-is-now-soc-compliant/