+HR-01.01B

1. Übersicht

HR-01.01B

The cloud service provider identifies for the production environment which roles within the organisation can access cloud service customer data, cloud service derived data, cloud service provider data, account data or system components under the cloud service provider's responsibility.

This criterion applies to both existing and newly hired personnel. Roles with access to these data types or system components can, depending on their access rights, include, but are not limited to:

1. Cloud software engineers and developers;
2. Cloud architects and cloud infrastructure engineers;
3. Cloud platform engineers and DevOps engineers;
4. System operations engineers and managers;
5. Cloud operations engineers and managers;
6. Cloud network engineers and architecture leads;
7. Cloud security engineers, administrators and security architects;
8. Cloud security operations specialists and analysts;
9. Storage and database engineers;
10. Technical account managers and customer account managers;
11. Customer support engineers;
12. IAM administrators and access management specialists;
13. Cloud compliance managers and risk and compliance analysts; and
14. Information security officers and data protection officers.

Personnel refers to both internal and external personnel.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html