1. Overview
SIM-06 Evaluation and Learning Process
| Designation | Standard |
| --- | --- |
| SIM-06.01B | Mechanisms are in place to measure and monitor the type and scope of security incidents and to report them to supporting bodies. Supporting bodies may be external service providers or government agencies such as the BSI. |
| SIM-06.02B | The cloud service provider defines, implements and maintains a knowledge repository containing: security incidents; measures taken for the solution of these security incidents; and information about the assets affected by these security incidents. This information is used to supplement the classification catalogue of incidents (cf. SIM-03). |
| SIM-06.03B | The information obtained from the security incident monitoring and the intelligence gathered in the knowledge repository is used to identify recurring security events or security incidents, or potential significant security incidents, to determine the need for advanced safeguards, and for implementing them. |
| SIM-06.04B | The evaluation and learning process includes the results of root-cause analyses conducted in accordance with SIM-03. |
| SIM-06 Supplementary Information - Complementary Customer Criteria | Cloud service customers ensure with suitable controls that they include into their ISMS the findings and measures related to previous security incidents reported by the cloud service provider. The cloud service customers evaluate whether and which supporting measures they might take on their side. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |