+HR-01.01AC

1. Übersicht

HR-01.01AC

The cloud service provider defines in the human resource policy positions with levels and risk classification that require regular assessment of competence and integrity. The cloud service provider annually reviews their assessment of competence and integrity for personnel belonging to the defined positions.

Cloud service providers can implement various methods to assess competence and integrity of personnel in high risk positions, such as:

1. Self-disclosure of significant financial interests to determine conflicts of interest and susceptibility to blackmail;
2. Regular checking of certificates of good conduct, police clearance or other national equivalents;
3. Regular self-declaration of commitment with applicable policies and obligations;
4. Enforcing regular ethics and compliance trainings, including certification and testing of the personnel's understanding of applicable requirements and policies;
5. Enforcing regular participation in assessment centers to evaluate personnel's competence and integrity; and
6. Regular checks of personnel against national and international sanctions lists.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html