Accountability Conceptual Framework

Similar documents
Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Workday s Robust Privacy Program

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

KISH REMARKS APEC CBPR NOV 1 CYBER CONFERENCE KEIO Page 1 of 5 Revised 11/10/2016

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Smart Software Licensing tools and Smart Account Management Privacy DataSheet

A PRE-WORKSHOP TUTORIAL ON THE APEC CROSS-BORDER PRIVACY RULES AND THE APEC PRIVACY RECOGNITION FOR PROCESSORS

SOC 3 for Security and Availability

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

Outsourcing: The Perspective of a Data Processor

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Accelerate GDPR compliance with the Microsoft Cloud

Please note: The page numbers correspond to the learner study guide and portfolio of evidence. Only the first page number is given.

Kick-off Meeting DPIA Test phase

Continuous auditing certification

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

SERVICE ORGANIZATION CONTROL (SOC) REPORTS: WHAT ARE THEY?

Canada s Weapons Threat Reduction Program

OSIsoft PI Cloud Services Privacy Statement

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Summary of FERC Order No. 791

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

A comprehensive approach on personal data protection in the European Union

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

Avanade s Approach to Client Data Protection

Basic Requirements for Research Infrastructures in Europe

EU data security and privacy trends

Demonstrating data privacy for GDPR and beyond

Google Cloud & the General Data Protection Regulation (GDPR)

ehealth Network ehealth Network Governance model for the ehealth Digital Service Infrastructure during the CEF funding

Cisco Webex Messenger

Pierre Sebellin. Systems Technical Officer International Electrotechnical Commission

Regulating Telemedicine: the

ISACA Cincinnati Chapter March Meeting

Cloud28+ Compliance in Cross Border Business

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

Law & Policy Meets Data in the Cloud: Data Sovereignty Across Asia. Bernie Trudel Chairman, Asia Cloud Computing Association

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679

ENISA s Position on the NIS Directive

On the EGI Operational Level Agreement Framework

Cybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration

IT MANAGEMENT AND THE GDPR: THE VMWARE PERSPECTIVE

Recommendations on How to Tackle the D in GDPR. White Paper

The MovingLife Project

ADIENT VENDOR SECURITY STANDARD

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Security and resilience in Information Society: the European approach

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

PRIVACY POLICY. Personal Information We Collect

Package of initiatives on Cybersecurity

Protecting your data. EY s approach to data privacy and information security

ICB Industry Consultation Body

Building Trust in the Cloud Era - Protect, Respect Personal Data

The NIS Directive and Cybersecurity in

Saba Hosted Customer Privacy Policy

Single Window Systems Conceptual Framework and Global Trends and Practices. OIC study th Meeting of the COMCEC Trade Working Group

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Contract Services Europe

The ProcessGene GRC Suite. Solution Presentation

Mutual Recognition Agreements WCAE Florence, November 2014

IDENTITY ASSURANCE PRINCIPLES

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

ISO/IEC Safeguarding Personal Information in the Cloud. Whitepaper

Trough a cyber security lens

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

The Impact of Privacy on HP s Customer Relationship Management Solution

Security and Architecture SUZANNE GRAHAM

PS Mailing Services Ltd Data Protection Policy May 2018

Cybersecurity Considerations for GDPR

Science Europe Consultation on Research Data Management

Globally Networked Customs Context, Concept, Rationale and Benefits - Indian Customs Perspective

1 Privacy Statement INDEX

Data Management and Security in the GDPR Era

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Motorola Mobility Binding Corporate Rules (BCRs)

Data Governance for Smart City Management

Avaya Equinox Meetings Online

Commonwealth Cyber Declaration

Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms

Plus500UK Limited. Website and Platform Privacy Policy

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Data Protection Policy

A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

ENTERPRISE ARCHITECTS CONCERN LEGAL REQUIREMENTS FOR THE COMPLIANCE WITH THE LAW

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

Achilles System Certification (ASC) from GE Digital

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts

Benefits of Open Cross Border Data Flows

PROJECT BACKGROUND AND RATIONALE

Transcription:

Accountability Conceptual Framework Massimo Felici, HP Trust in the Digital World and Cyber Security & Privacy EU Forum Brussels,18 th April 2013

Motivations for an accountability-based approach Drivers for such an approach in cloud ecosystems Emerging issues in cloud ecosystems What is accountability? Accountability definitions Accountability attributes, practices, mechanisms and tools Accountability model Accountability approach Accountability framework Interdisciplinary approach Objectives Overview

Globalisation and new technologies Drivers for Accountability Cloud computing is the most significant shift in IT deployment Uncertainty and trust (for consumers, clients and regulators) Privacy and trust comes from sound stewardship of information by service providers for which we need to hold them accountable Regulatory complexity in global business environments, especially for cloud Accountability addresses global interoperability Clear and consistent framework of data protection rules Allows avoidance of complex matrix of national laws and reduces unnecessary layers of complexity for cloud providers New technologies like cloud are straining traditional privacy frameworks

Evolution of regulatory frameworks Regulatory Frameworks ASIA APEC Cross Border Privacy Rules New country laws EUROPE Binding Corporate Rules Revision of EU Privacy Directive ACCOUNTABILITY NORTH AMERICA Enforcement powers in Canada Proposed Consumer Privacy Bill in USA LATIN AMERICA New laws in Mexico, Colombia Proposed laws in Peru, Costa Rica, Chile...

What is Accountability?

Conceptual Definition of Accountability Defining Accountability Applicable across different domains and capturing a shared multidisciplinary understanding within the project Concerned about governance Conceptual Definition of Accountability Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly. Responsibly and proactively (explaining, justifying, remedying) delivery of actions Compliance with respect to internal and external criteria defined by stakeholders

Defining Accountability Accountability for Data in the Cloud Contextualising accountability for data governance in cloud ecosystems Definition of Accountability personal and confidential data Accountability for an organisation consists of accepting responsibility for the stewardship of personal and confidential data with which it is entrusted in a cloud environment, for processing, sharing, storing and otherwise using the data according to contractual and legal requirements from the time it is collected until when the data is destroyed (including onward transfer to and from third parties). It involves committing to legal, ethical and moral obligations, policies, procedures and mechanisms, explaining and demonstrating ethical implementation to internal and external stakeholders and remedying any failure to act properly. Ethical aspects of accountability Deploying mechanisms and tools

From accountability to being accountable Accountability Model Operationalise the accountability definitions Capture different abstraction levels of accountability Identify attributes contributing towards accountability Characterize accountable organisations Identify elements of accountability practices Enable accountability practices

Accountability Attributes Responsibility: Responsibility may be defined as the state of being assigned to take action to ensure conformity to a particular set of policies or rules. Transparency: Transparency involves operating in such a way as to maximise the amount of and ease-of-access to information which may be obtained about the structure and behaviour of a system or process. Assurance: Assurance is the provision of evidence. An accountability system can produce evidence that can be used to convince a third party that a fault has or has not occurred. Remediation: Remediation is the act or process of correcting a fault or deficiency. A4Cloud Glossary conceptual attributes of accountability as used across different multidisciplinary domains conceptual basis for our definitions, and related taxonomic analysis Accountability Cloud Computing Information Security Industry or Research Domain-specific Terminology Defined in the project glossary

Accountability Practices Organisational accountability Accountability practices What organisations must do to be accountable

Accountability Mechanisms and Tools Diverse accountability mechanisms and tools that support accountability practices, that is, accountability practices use them

Accountability Model Operationalized by Implemented by Interpret Support

Accountability Context

Accountability Framework

Accountability Approach

Rationale for an accountability-based approach Highlighted its relevance for global business & cloud computing Defined accountability Clarified focus and scope Introduced accountability model Introduced accountability framework Overall approach Summary

Thank You. www.a4cloud.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback