COM-01 Identification of Applicable Legal, Regulatory, Self-imposed or Contractual Requirements
- COM-01.01B
- COM-01.01AC
1. Overview

COM-01 Identification of Applicable Legal, Regulatory, Self-imposed or Contractual Requirements

| Designation | Standard |
| --- | --- |
| COM-01.01B | The legal, regulatory, self-imposed and contractual requirements relevant to the information security of the cloud service, as well as the cloud service provider's procedures for complying with these requirements, are explicitly defined and documented. The cloud service provider's documentation may refer to the following requirements, among others: (1) requirements for the protection of personal data (e.g. EU General Data Protection Regulation); (2) requirements regarding the information security posture of the cloud service provider (e.g. NIS 2 Directive, BSIG as applicable to KRITIS); (3) compliance requirements based on contractual obligations with cloud service customers (e.g. ISO/IEC 27001, SOC 2, PCI-DSS); and (4) requirements regarding the exchange and use of data (e.g. EU Data Act). The documentation of the identified requirements and of the procedures for complying with them may be spread across several documents and does not have to be recorded in a single register or directory. |
| COM-01.01AC | The cloud service provider provides an overview of the procedures described in the basic criterion upon request by the cloud service customer. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulations
2. Identified Requirements

| Source | Requirement |
| --- | --- |

3. Related Regulations

| Source | Regulation |
| --- | --- |