|
+GC-01 Information on applicable law, jurisdiction, countries, partitions, regions, zones and locations |
1. ÜbersichtGC-01 Information on applicable law, jurisdiction, countries, partitions, regions, zones and locationsIn the description of the cloud service provider's system of internal control relevant to the development and operation of the cloud service and the contractual agreements (e.g. service level agreements), the cloud service provider clearly provides comprehensible and transparent information on:1. Its applicable law; 2. Its jurisdiction (courts that will hear disputes); 3. The country in which the cloud service provider's entity or entities that prepared the description is/are registered as a legal entity; 4. The country in which the cloud service provider's headquarters (ultimate parent) is registered as a legal entity; 5. The partitions, regions, zones and locations that are provided to cloud service customers for the operation of the cloud service, where the cloud service customer data, cloud service derived data and account data is processed, stored and backed up, based on service offering type (SaaS, PaaS, IaaS); and 6. If certain of these partitions, regions, zones and locations are not in scope of the assurance engagement, an indication for their exclusion. The information is prepared to meet the common needs of a broad range of subject matter experts of the cloud service customers who define or implement information security requirements, validate their effectiveness or assess the suitability of the cloud service from a legal and regulatory perspective (e.g. IT, compliance, internal audit). For definitions of the terms partitions, regions, zones, locations and the data types cf. section 1.2. If the processing, backup and storage of customer data take place in different partitions, regions, zones and locations, this has to be described comprehensibly and transparently in the system description.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|