|
+INQ-04.01B |
1. ÜbersichtINQ-04.01BThe cloud service provider documents the technical procedures per service and other technical information regarding the provision or disclosure of cloud service customer data in response to valid investigation requests and provides it to cloud service customers.The criterion is limited to cloud service customer data. The cloud service provider typically has access to other data types such as cloud service derived data and account data such that extending the criterion to those other data types, may not lead to useful information for customers' risk management. Technical capabilities and limitations to access cloud service customer data include aspects such as: 1. If the cloud service customers store their cloud service customer data in unencrypted form; 2. If the cloud service provider encrypts cloud service customer data in storage and transit; 3. Whether the cloud service provider has the ability to decrypt cloud service customer data in case of such requests and how this ability for access or disclosure is used; 4. Retention periods for cloud service derived data relating to the cloud service customer and whether such data is stored in encrypted form; 5. Possibilities for decrypting cloud service customer data or for extracting cloud service customer data during the decryption process; 6. Disclosure of user identities and credentials; and 7. Further measures that have been created or can be used for disclosing cloud service customer data.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|