+COM-04.02AC

1. Übersicht

COM-04.02AC

The responsible business units of the cloud service provider report at least annually to the top management on the the status and effectiveness of the policies and procedures that are relevant to the top management review of the information security management system. This reporting includes at least:

1. Implemented changes to address cybersecurity risks for the topic addressed in the policy or procedure;
2. Information security incidents for the topic addressed in the policy or procedure and the follow-up;
3. Performance of the internal controls regarding information security for the topic addressed in the policy or procedure; and
4. Planned changes for the topic addressed in the policy or procedure to address cybersecurity risks and information security and cybersecurity.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html