|
+OPS-10.01B |
1. ÜbersichtOPS-10.01BThe cloud service provider has established policies and procedures that govern the logging and monitoring of events on system components within its area of responsibility. These policies and procedures are documented, communicated and provided according to SP-01 with respect to the following aspects:1. Definition of events that could lead to a violation of the protection goals; 2. Specifications for activating, stopping and pausing the various logs; 3. Information regarding the purpose and retention period of the logs; 4. Definition of roles, responsibilities and authorities for setting up and monitoring logging; 5. Definition of log data allowed for transfer to cloud service customers and technical requirements of such a transfer; 6. Information regarding timestamps used in event creation; 7. Time synchronisation of system components with at least one approved time source that the cloud service provider considers to be reliable based on defined criteria. If several time sources are used, they are consistent with each other. The time sources can also be synchronised to several external reliable sources, except when used for isolated networks; and 8. Compliance with legal and regulatory frameworks. Logs as referred to in the basic criterion include cloud service derived data and cloud service provider data. Legal and regulatory frameworks can define e.g. legal requirements for retention and deletion of data.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|