Scribd
Upload
39 views1 page

Cloud Compliance Controls Guide

The document contains a table of contents for a Cloud Computing Compliance Controls Catalogue. It lists the section headings and control codes for various sections on topics like policies for service providers, security incident management, business continuity management, security checks and verification, compliance and data protection, and mobile device management. Each section contains multiple specific controls related to that compliance topic.

Uploaded by

SNFK2018
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
39 views1 page

Cloud Compliance Controls Guide

The document contains a table of contents for a Cloud Computing Compliance Controls Catalogue. It lists the section headings and control codes for various sections on topics like policies for service providers, security incident management, business continuity management, security checks and verification, compliance and data protection, and mobile device management. Each section contains multiple specific controls related to that compliance topic.

Uploaded by

SNFK2018
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Cloud Computing ComplianCe Controls Catalogue (C5) | taBle oF Content

„ DLL-01 Policies for the handling of and security


requirements for service providers and suppliers of the
cloud provider 60
„ DLL-02 Monitoring of the rendering of services and
security requirements for service providers and suppliers
of the cloud provider 60

5.13 Security incident management 61

„ SIM-01 Responsibilities and procedural model 61


„ SIM-02 Classification of customer systems 62
„ SIM-03 Processing of security incidents 62
„ SIM-04 Documentation and reporting of
security incidents 62
„ SIM-05 Security incident event management 62
„ SIM-06 Duty of the users to report security incident to a
central body 62
„ SIM-07 Evaluation and learning process 62

5.14 Business continuity management 63

„ BCM-01 Top management responsibility 63


„ BCM-02 Business impact analysis policies and procedures 63
„ BCM-03 Planning business continuity 63
„ BCM-04 Verification, updating and testing of the
business continuity 64
„ BCM-05 Supply of the computing centres 64

5.15 Security check and verification 65

„ SPN-01 Notification of the top management 65


„ SPN-02 Internal audits of the compliance
of IT processes with internal security policies
and standards 65
„ SPN-03 Internal audits of the compliance
of IT systems with internal security policies
and standards 66

5.16 Compliance and data protection 66

„ COM-01 Identification of applicable legal, contractual


and data protection requirements 66
„ COM-02 Planning independent, external audits 67
„ COM-03 Carrying out independent,
external audits 67

5.17 Mobile device management 68

„ MDM-01 Policies and procedures for the risk


minimisation of access via the cloud provider’s mobile
terminal devices 68

You might also like