|
+PSS-12.03B |
1. ÜbersichtPSS-12.03BThe contractual agreements specify the regions in which processing and storage of cloud service customer data, cloud service derived data and account data occurs and the circumstances under which changes may be applied.This criterion refers to the architecture of the cloud service and does not put any constraints on the architecture the cloud service customer designs. If a cloud service provider has several regions that provide the same service, the cloud service customer is free to use the service in different regions (e.g. for more resilience). This subcriterion refers to contractual agreements which include the pledge for cloud service customer data, cloud service derived data, cloud service provider data and account data to reside in the chosen region. It also covers how contractual agreements are updated, ensuring transparent communication and continued residency for all four types of data in the agreed region(s). This criterion supplements the General Condition GC-01. It does not require the cloud service provider to offer multiple regions or partitions. If the cloud service provider offers only one partition for the cloud service(s) in scope, this does not comprise a deviation from the criterion. If the additional complemental criterion is only applicable for selected partitions in scope of an assurance engagement in accordance with this catalogue, this should be presented in the cloud service provider's description of its system of internal control for the cloud service. This criterion is a prerequisite for technical service sovereignty. Monitoring of threat intelligence data, which excludes any cloud service customer data and account data, and logging of required routing information such as IP addresses are not required to be geographically limited to a single partition.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|