OPS-23.01B

1. Overview

OPS-23.01B

The cloud service provider regularly measures, analyses and assesses the procedures with which vulnerabilities and incidents are handled to verify their continued suitability, appropriateness and effectiveness.

The assessment of the suitability, appropriateness and effectiveness of procedures for managing vulnerabilities and incidents may be based on the following information:

1. Regular reporting of KPIs (Key Performance Indicators) that are volume-based, time-based or resolution/quality-based;
2. Customer complaints or the results of customer surveys about their satisfaction with the procedures; and
3. Results of internal or external audits.

KPIs for vulnerabilities include, for example:
1. Mean Time to Detect (MTTD, average time it takes to discover a vulnerability from its disclosure or creation);
2. Mean Time to Remediate (MTTR, average time it takes to fix or patch a vulnerability after it has been detected);
3. Number of open vulnerabilities at each severity level; and
4. Percentage of vulnerabilities that have been patched within a set period.

KPIs for incidents include, for example:
1. Number of incidents reported over a set period and how this evolved over time;
2. Average response and resolution time;
3. Percentage of incidents resolved within the agreed-upon service level agreement; and
4. Percentage of incidents resolved at the first resolution attempt.

Designation Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation