+SIM-05 Duty of the Personnel to Report Security Incidents to a Central Body
---+SIM-05.01B
---+SIM-05.02B
---+SIM-05.03B
---+SIM-05 Supplementary Information - Complementary Customer Criteria
|
1. Übersicht
SIM-05 Duty of the Personnel to Report Security Incidents to a Central Body
-
| Bezeichnung |
Standard |
|
SIM-05.01B
|
The cloud service provider informs personnel and external business partners of their obligations. If necessary, they agree to or are contractually obliged to timely report all security events that become known to them and are directly related to the cloud service provided by the cloud service provider to a previously designated central office of the cloud service provider.
|
|
SIM-05.02B
|
The cloud service provider communicates that 'false reports' of events that do not subsequently turn out to be incidents do not have any negative consequences.
|
|
SIM-05.03B
|
The information security incident reporting mechanisms are communicated to personnel, cloud service customers and service organisations of the cloud service provider.
|
|
SIM-05 Supplementary Information - Complementary Customer Criteria
|
Cloud service customers ensure with suitable controls that identified security events, which the cloud service provider is required to process, are communicated timely to previously designated, responsible personnel.
The identification of such security events is supported by suitable controls (cf. complementary criterion for OPS-10).
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|