GC-02 Information on availability and incident handling during regular operation

1. Overview

In contractual agreements (e.g. service level agreements), the cloud service provider presents comprehensible, binding and transparent information on:

1. Availability of the cloud service;
2. Categorisation and prioritisation of incidents;
3. Response times for disruptions of regular operation according to the categorisation (time elapsed between the reporting of the disruption and the first response by the cloud service provider);
4. Recovery time (time elapsed until the incident has been resolved); and
5. Contractual consequences of non-compliance.

The information is based on definitions that allow subject matter experts of the cloud service customers to assess the cloud service against their business requirements.
Contractual agreements may refer to operational documentation (e.g. service documentation, technical specifications, or other publicly accessible resources) that can be regularly updated.
The description of the cloud service provider's system of internal control relevant to the development and operation of the cloud service indicates where this information can be found. References relate precisely to the individual aspects specified above, allowing readers who are not familiar with the contractual agreement or the operational documentation to find the information in a timely manner.

If the information on availability and remediation of disruptions represents average values that are not binding in individual cases, this is highlighted separately.

In addition to the reference in the description of the cloud service provider, the information itself may also be an optional part of the report, e.g. in a section 'Other information provided by the Cloud Service Provider'. Only in the latter case is this information not subject to the auditor's procedures; accordingly, the auditor does not issue an opinion on it.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements

3. Related Regulations

Regulations