ECSA Assessment Report

Company: Test Cloud Company
Name of the cloud service: textcloud.com
Website of the cloud service: 11.textcloud.com
Project number: #10652
Project name: Dummyproject
Print date:
Link to publication on ECSA web ECSA online analysis Only if publication was ordered
Used tickets:
Print time: 18:48

Self-Assessment reports like this one are a summary of information about a specific cloud service, provided by a representative of the organisation mentioned in the report. Under no circumstances does EuroCloud add, change, delete or evaluate this data... EuroCloud never performs any kind of quality check and is therefore not liable for any misleading, missing or incorrect information given by the user of the ECSA Assessment Tool. An ECSA Audit includes a third-party quality check which is performed by an external audit organisation, not EuroCloud. Self-Assessments do not include such an external quality check.

EuroCloud Star Audit Assessment Version: (c) All rights reserved to EuroCloud Europe, Luxembourg

Area 6s: Application SaaS - Not applicable

Assessment Statistics

Total rating: 0

Area | Requested Star Rating | Control questions | Total A Answers | Total B Answers | Total C Answers | Total D Answers | Total E Answers | Total F Answers | Achieved Star Rating
01 Provider Profile
02 Contract & Compliance
03 Security & Data Privacy
04 DC Infrastructure
05 Operational Processes
i IaaS
p PaaS
s SaaS

Area 1: Cloud Service Provider Profile

CSP Profile

Company Name, Address: Test Cloud Company, Gluckgasse, Vienna, Germany
Company Registration: DE Köln
Reference: ghr-78900k
Contact Sales and Product Services: SChmutzer martin, martin.schmutzer@ff.vom
Contact Technical Services: Karin maier, Maier@ff.com
Contact Data Privacy: Helmut heimlich, hh@ff.com
Contact Legal: Dr. Laurich Martin, laurci@ff.com

(Street, ZIP Code (optional), City, Country, Company Web Site, Country and City of company registration, Company registration number, Date of registration, Full name address)

Physical Data Location Customer Data

Full contact details of the DC location (First): DC1 karinberg Munich Germany textcloud
Full contact details of the DC location (Second/Backup): DC2 martinstr berlin Germany cloudtest
Full contact details of further DC locations:

(Name, Street, ZIP Code (optional), City, Country, Legal owner of the DC location and owner structure)

Service Management

Access options for technical and support resources outside the CSP and DC facilities and level of country restriction:

Extended Company Profile

Headcount for Cloud Service provisioning: 367
Company headquarters: Berlin
Worldwide headcount: 367
Main role: ISV (Independent Software Vendor)
Level of experience for Cloud Service provisioning: fully up and running and in place since 2010

Reference Information about the Cloud Service

Name of the Cloud Service: textcloud.com
Short service description: This is just a test description of a service
Website of the Cloud Service: 11.textcloud.com
Overall number of Cloud Services (no modules): 1
Number of customers of the Cloud Service in scope for assessment/certification: 3000
Number of users of the Cloud Service in scope for assessment/certification: 3000

Certifications

Certifications for Technical management: ECSA DC Star 01 TÜV 445 ISO
Reference: profil.pdf
Certifications for Quality Management: Cobit 9000
Reference:
Certifications for Compliance: ITL 9000
Reference:
Certifications for Data Privacy: none
Reference:
Sector Specific certifications: none
Reference:

Version 3.0 rev
Control: 2 - Contract & Compliance

01 Adequate contract terms

Conclusion of contract

A02-S01-C01-Q01 Are the contract elements accessible for the customer before booking services?
Online reference or request procedure for clients
A: Excellent - All relevant contract elements are bundled, easy to understand, easily accessible on the website with the most recent version and version management. No hidden links to any other documents that are legally binding.

A02-S01-C01-Q02 Are all the relevant contractual elements included and referenced - like the general terms and conditions, privacy policies, security policies and others?
A main document (e.g. frame contract) which is clearly referenced to the Service offered according to the profile is in place. All related agreements are referenced and named in this document.
B: Good - Main document is available in the most recent version

Terms of cancellation

A02-S01-C02-Q01 Is it possible to terminate a contract with just cause?
At least a standard clause to terminate the contract has to be outlined.
C: Sufficient - A standard clause for contract termination is specified

02 Rules for Data Management

Location of Data

A02-S02-C01-Q01 Are the location, postal address and contact for the physical data hosting of the customer data clearly provided?
Customer must be able to provide evidence of data location for personal and financial data (if required by local regulation)
A: Excellent - Any location with potential customer data is listed with address, contact data and entitlement to access the data by the customer on demand

Data access by customer

A02-S02-C02-Q01 In the case of dissent about the service delivery, is it confirmed that the customer can access the data without any constraints and that the service provider is still bound to the data archiving requirements?
Give the customer the right to access his data in the case of unclear payment balances or other contractual obligations. The service itself can be interrupted.
B: Good - The customer can still use the service for at least 2 weeks after first formal notice of potential service interruption and archiving is still active. Data access is granted for the following 6 months.

04 Service Level Agreements

General requirements

A02-S04-C01-Q01 Is the Service Level Agreement part of the overall contract and does it describe in a sufficient way the guarantee of service quality?
Provide appropriate Service Level objectives which can be monitored by the Customer
A: Excellent - The SLA provides clear service objectives, metrics and ongoing evidence of compliance.

06 Terms for pricing and cost allocation

Terms for pricing and cost allocation

A02-S06-C01-Q01 Are the pricing units and service costs transparently described?
A sample calculation has to be shown with all ramp up costs and dynamic price items.
C: Sufficient - A standard price scheme is in place.

Version 3.0 rev
Control: 3 - Security and Data Privacy

01 Security Management

Organisational Requirements

A03-S01-C01-Q06 Are operational staff trained in IT security on a regular basis?
A (*****) - Evidence of training and testing by a training institute entitled for ISO training
B (*****) - Evidence of training and testing
C (***) - Training plan and participation plan provided
C: Sufficient - Training plan and participation plan provided

A03-S01-C01-Q07 Are the operational staff trained in policies relating to access to personal data and data privacy?
A (****) - Dedicated training with attestation
B (****) - Policies in place and confirmed by each individual
C (***) - Policies referenced in HR contract
B: Good - Policies in place and confirmed by each individual

Preventive Measures

A03-S01-C02-Q01 Are regular security checks or penetration tests carried out?
Proactive security monitoring and verification of procedures ***** (A), **** (B), *** (C)
A: Excellent - Continuous monitoring of known vulnerabilities and cyber threats and regular penetration testing (at least every 6 Months)

A03-S01-C02-Q03 Is the entitlement and authorisation process for new customers appropriate?
Protect other customers from being affected by suspicious or anonymous users (cyber and crime threats) **** (A), *** (B)
F: Not applicable - Please comment on reasoning
*** For whatever good reason, this control is not applicable.

02 Technical Security

Cyber Security

A03-S02-C01-Q01 Does a firewall system protect the infrastructure according to the current level of technology?
Evidence of base line protection
C: Sufficient - FW mechanism is in place and up to date

A03-S02-C01-Q03 Optional Control: Is the service access secured either by Virtual Private Network (VPN) or Virtual Private Cloud (VPC) access?
Show isolation level of connected users for highly sensitive areas (e.g. medical patient data). This control question is optional. Please use it only if necessary; otherwise use the option "not applicable".
B: Good - Secured and monitored VPC

Password Management

A03-S02-C03-Q01 Is the password management system automated?
No user intervention is allowed to manage customer passwords
A: Excellent - Certified by ISO (in scope for auditing)

A03-S02-C03-Q02 Are the passwords secured against unauthorised access?
Protection of passwords against decryption and unauthorised access
A: Excellent - Certified by ISO (in scope for auditing)

03 Technical Data Privacy Measures

Technical Data Privacy Assessment

A03-S03-C01-Q01 Is the communication between the user and the service fully encrypted?
Encryption level is according to current market standard
F: Not applicable - Please comment on reasoning
*** For whatever good reason, this control is not applicable.

A03-S03-C01-Q02 Are the encryption technologies in use uncompromised and at a sufficient encryption level?
Encryption level is according to current market standard
B: Good - According to NIST Rev 1

A03-S03-C01-Q04 Are backups sufficiently secured against unauthorised access?
Archived data is included into all security processes
A: Excellent - Certified by ISO (in scope for auditing)

A03-S03-C01-Q10 Is the use of production data excluded for test and training systems?
Clear separation of production and test systems
B: Good - Clear policies to separate test and production data

Control: 4 - Operation DC Infrastructure

01 Proper Facility and IT Co-Location Management

Access control

A04-S01-C03-Q01 Is there an adequate access and security concept for the data centre?
Area and access protection
C: Sufficient - DC access and security documentation in place

A04-S01-C03-Q02 Is admission to the area used for the cloud service secured against unauthorised entry?
Evidence of appropriate access protection to Cloud Service environment and stored data
B: Good - Full qualified list of individuals with personal access codes

Fail-safe operation

A04-S01-C04-Q01 Is there a redundant power supply with UPS operation?
Business continuity in case of short electricity outage
A: Excellent - Bridge time > 60 mins

A04-S01-C04-Q04 Is the cooling system redundant?
Business continuity in case of cooling outage
C: Sufficient - Cooling system with redundant power supply

A04-S01-C04-Q05 Are the hardware components adequately separated from other infrastructure? Is expansion possible, when required?
Appropriate physical isolation level and expansion capabilities
C: Sufficient - Relevant Infrastructure components are clearly assigned and protected against unauthorised access with extension options to 3 times of the current workload.

A04-S01-C04-Q06 How high is the availability level in the individual data centres?
A (*****) > 99.5, B (****) > 99,0, C (***) > 98,5
C: Sufficient > 98,

Organisation Data Centre

A04-S01-C05-Q01 Optional Control: Is there an operation management handbook?
Please provide.
C: Sufficient - Handbook is in place

Control: 5 - Cloud Service Operational Processes

01 Appropriate Customer Support

Validation of Support Service

A05-S01-C01-Q01 How is user authentication undertaken with regard to support?
Level of entitlement to authorise a request before interacting with support on a customer's specific request ***** (A), **** (B), *** (C)
C: Sufficient - Standard password check online, no customer specific support online

A05-S01-C01-Q02 What is the guaranteed response time?
Guaranteed response time (not resolution time) to a service request ***** (A), **** (B), *** (C)
C: Sufficient - > 1 working day

A05-S01-C01-Q03 What is the average resolution time? Differentiation according to degree of severity.
Average resolution time for standard priority ***** (A), **** (B), *** (C)
C: Sufficient - < 4 working days

A05-S01-C01-Q04 Does the customer have read-access to the contractor's ticketing system?
Allow customers to keep track of status/activity ***** (A), **** (B), *** (C)
F: Not applicable - Please comment on reasoning
*** For whatever good reason, this control is not applicable.

A05-S01-C01-Q05 What is the availability of the support line? (hours of operation)
Show support availability ***** (A), **** (B), *** (C)
A: Excellent - 7 days a week, 24 hours per day

02 Appropriate Service Management

Problem Management

A05-S02-C03-Q01 Are the roles and tasks defined for the problem management system?
Efficient Problem Management
A: Excellent - ISO certificate with appropriate scope is in place

Change Management

A05-S02-C04-Q01 Are changes in services reported to customers in advance when an impact is expected on the operation of the service?
Appropriate customer information about potential service disruption/digression
A: Excellent - Standard maintenance plan for the coming 12 months, regularly updated

Capacity Management

A05-S02-C07-Q01 Are the system resources continuously monitored?
Proactive monitoring to identify SLA related issues
A: Excellent - Monitoring with link to alert and incident management

Availability Management

A05-S02-C08-Q01 Is there an availability management system in place for the hardware?
Special procedures for hardware availability management
C: Sufficient - Procedures for Availability Management are in place

A05-S02-C08-Q02 Is there an availability management system in place for applications?
Special procedures for application availability management
B: Good - Availability Management System is in place

Backup Management

A05-S02-C12-Q01 Is there a data backup management system?
Back Up management practice
A: Excellent - ISO certified backup system

A05-S02-C12-Q02 On what media are the backup data archived, and for how long?
Appropriate backup media and retention
C: Sufficient - Data media are appropriate to securely backup the system and customer data

A05-S02-C12-Q04 At what intervals does backup of the transactional data occur?
Frequency of backup cycles ***** (A), **** (B), *** (C)
C: Sufficient - 24 hours

Area 6i: Application IaaS

S0 Security

S0.C0 Access Hypervisor

AI06-S03-C01-Q01 Is there two-factor authentication for the provisioning access?
Secure admin access
C: Sufficient - Two factor authentication with at least one dynamic key is in place

AI06-S03-C01-Q03 Are there user directives to ensure the security of virtual machines?
Guidance to avoid vulnerability by customer managed systems
C: Sufficient - Standard recommendations to reduce security risks for the used services

S0 Licence Management

S0.C0 Operating System

AI06-S04-C01-Q01 Are there authorisations by the licensor of the operating systems which are made available for deployment?
Show evidence that the provider is entitled to offer the Operating Systems
B: Good - Full liability statement by the provider in case of dispute about correct license usage

Area 6p: Application PaaS
Not applicable

EuroCloud Star Audit Catalogue

Area 6s: Application SaaS
Not applicable
DATA PROCESSING AGREEMENT HIRINGBOSS HOLDINGS PTE LTD This DPA is entered into between the Controller and the Processor and is incorporated into and governed by the terms of the Agreement. 1. Definitions
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationMoving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop
Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop 10.08.2011 What is computing? Examples of service providers Computing preface Cloud computing
More informationEU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017
EU Cloud Computing Policy Luis C. Busquets Pérez 26 September 2017 The digital revolution is built on data Most economic activity will depend on data within a decade Potential of the data-driven economy
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationSpillemyndigheden s requirements for accredited testing organisations. Version of 1 July 2012
Version 1.3.0 of 1 July 2012 Contents 1 Introduction... 3 1.1 Authority... 3 1.2 Objective... 3 1.3 Target audience... 3 1.4 Version... 3 1.5 Enquiries... 3 2 Certification... 4 2.1 Framework for certification...
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationQ&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )
Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) May 2018 Document Classification Public Q&A for Citco Fund Services clients in relation to The General Data Protection
More informationDATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System
DATA PRIVACY & PROTECTION POLICY POLICY This Data Privacy & Protection Policy applies to ELMO Software Limited s Cloud HR & Payroll applications and platform (collectively, the Services ), elmosoftware.com.au
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationIBM Emptoris Managed Cloud Delivery
Service Description IBM Emptoris Managed Cloud Delivery This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of
More informationBT Assure Cloud Identity Annex to the General Service Schedule
1 Defined Terms The following definitions apply, in addition to those in the General Terms and Conditions and the General Service Schedule of the Agreement. Administrator means a Customer-authorised person
More informationSolution Pack. Managed Services Virtual Private Cloud Managed Database Service Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Managed Database Service Selections and Prerequisites Subject Governing Agreement Term DXC Services Requirements Agreement between DXC and Customer
More informationData Processor Agreement
Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958
More informationInformation technology Security techniques Information security controls for the energy utility industry
INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques
More informationAn Introduction to the ISO Security Standards
An Introduction to the ISO Security Standards Agenda Security vs Privacy Who or What is the ISO? ISO 27001:2013 ISO 27001/27002 domains Building Blocks of Security AVAILABILITY INTEGRITY CONFIDENTIALITY
More informationABOUT THIS SECTION...
CONTENTS 1 ABOUT THIS SECTION... 2 2 MANAGED SECURITY SERVICES... 2 3 WHAT IS SECURITY MONITORING?... 3 4 WHAT ARE THE SECURITY MONITORING SERVICE LEVELS?... 6 5 WHAT IS SECURITY INTELLIGENCE?... 10 6
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationOnline Services Security v2.1
Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction
More informationCloud Security Whitepaper
Cloud Security Whitepaper Sep, 2018 1. Product Overview 3 2. Personally identifiable information (PII) 3 Using Lookback without saving any PII 3 3. Security and privacy policy 4 4. Personnel security 4
More informationWHITE PAPER. Title. Managed Services for SAS Technology
WHITE PAPER Hosted Title Managed Services for SAS Technology ii Contents Performance... 1 Optimal storage and sizing...1 Secure, no-hassle access...2 Dedicated computing infrastructure...2 Early and pre-emptive
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationIBM Managed Security Services - Vulnerability Scanning
Service Description IBM Managed Security Services - Vulnerability Scanning This Service Description describes the Service IBM provides to Client. 1.1 Service IBM Managed Security Services - Vulnerability
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationCLOUDVPS SERVICE LEVEL AGREEMENT CLASSIC VPS
CLOUDVPS SERVICE LEVEL AGREEMENT CLASSIC VPS SERVICE LEVEL AGREEMENT CLASSIC VPS 05 MARCH 2018 FINAL/V1.0 2 / 18 CLOUDVPS SERVICE LEVEL AGREEMENT CLASSIC VPS DOCUMENT TYPE SERVICE LEVEL AGREEMENT CLASSIC
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationPTSPAS Product Assessment HAPAS Equivalent in accordance with MCHW SHW Volume 1 Clause and
1. Policy It is the policy of Pavement Testing Services Ltd (hereafter PTS) to operate its certification/ assessment services in a non-discriminatory manner. PTS shall not use procedures / processes to
More informationSWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ
SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ 1 SWIFT Customer Security Controls Framework Why has SWIFT launched new security
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More informationChoosing a Secure Cloud Service Provider
Choosing a Secure Cloud Service Provider Dr. Ricci IEONG, CISSP, CISA, CISM, CCSK, CCSP, CEH,GPEN, GIAC Advisory Board, ISSAP, ISSMP, F.ISFS Vice President Professional Development Cloud Security Alliance
More informationAuditing the Cloud. Paul Engle CISA, CIA
Auditing the Cloud Paul Engle CISA, CIA About the Speaker Paul Engle CISA, CIA o Fifteen years performing internal audit, IT internal audit, and consulting projects o Internal audit clients include ADP,
More informationDeploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)
Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP) May 16, 2016 Speakers Ron Moser, Managing Director, Moserhaus Consulting, LLC and Sr. Consultant,
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.4 - November 2015 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Document version General Of this document
More informationZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.
Security In today s world, the requirement to focus on building secure solutions and infrastructure has become an important part of the value that businesses deliver to customers and resellers. This document
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationMagento Commerce Architecture and Security Model Last updated: Aug 2017
Magento Commerce Architecture and Security Model Last updated: Aug 2017 Architecture The Magento Commerce architecture is designed to provide a highly secure environment. Each customer is deployed into
More informationSAS SOLUTIONS ONDEMAND
DECEMBER 4, 2013 Gary T. Ciampa SAS Solutions OnDemand Advanced Analytics Lab Birmingham Users Group, 2013 OVERVIEW SAS Solutions OnDemand Started in 2000 SAS Advanced Analytics Lab (AAL) Created in 2007
More informationThe Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as:
Unit Title: OCR unit number 38 Level: 3 Credit value: 12 Guided learning hours: 100 Unit reference number: Security of ICT Systems D/500/7220 Candidates undertaking this unit must complete real work activities
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationTELECOMMUNICATIONS AND DATA CABLING BUSINESSES
DRAFT for RCWS, ADTIA & ICAA INDUSTRY CODE for TELECOMMUNICATIONS AND DATA CABLING BUSINESSES Registered by the ACMA on XX XXXXX 2016 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. SCOPE AND OBJECTIVES 3 1.1
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More information