1. Overview
SIM-04 Documentation and Reporting of Security Incidents
| Designation | Standard |
| SIM-04.01B | After a security incident has been processed, the solution is documented in accordance with the contractual agreements and the documentation is sent to the affected customers for final acknowledgement or, if applicable, as confirmation. |
| SIM-04.02B | Information on security incidents or confirmed security breaches is made available to all affected customers. Security breaches in the sense of this criterion are security incidents caused by unauthorised access and compromise of cloud service customer data or service delivery as a result of violations of policies and procedures or applicable legal and regulatory requirements (cf. HR-04.02B). |
| SIM-04.01AC | The customer can either actively approve solutions or the solution is automatically approved after a certain period. |
| SIM-04.02AC | The contract between the cloud service provider and the cloud service customer regulates which data is made available to the cloud service customer for his own analysis in the event of security incidents. |
| SIM-04 Supplementary Information - Complementary Customer Criteria | Cloud service customers ensure with suitable controls that they receive notifications from the cloud service provider about security incidents that affect them and their resolution and that these notifications are timely forwarded to the entity responsible for handling them so that an appropriate response can be made. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |