+Control and Monitoring of Service Providers and Suppliers (SSO)
---+SSO-01 Policies and Procedures for Controlling and Monitoring Service Organisations
------+SSO-01.01B
------+SSO-01.01AC
------+SSO-01.02AC
---+SSO-02 Risk Assessment of Service Organisations
------+SSO-02.01B
------+SSO-02.02B
---+SSO-03 Data Processing of Service Organisations
------+SSO-03.01B
------+SSO-03.02B
------+SSO-03.01AS
---+SSO-04 Directory of Service Organisations
------+SSO-04.01B
------+SSO-04.02B
---+SSO-05 Monitoring of Compliance with Requirements
------+SSO-05.01B
------+SSO-05.02B
------+SSO-05.03B
------+SSO-05.04B
------+SSO-05.05B
------+SSO-05.06B
------+SSO-05.07B
------+SSO-05.01AC
------+SSO-05.02AC
------+SSO-05.03AC
------+SSO-05 Supplementary Information - Complementary Customer Criteria
---+SSO-06 Contract Termination Strategy for Service Organisations
------+SSO-06.01B
------+SSO-06.02B
---+SSO-07 Ensuring Transparency within Service Organisations
------+SSO-07.01B
------+SSO-07.02B
------+SSO-07.01AS
---+SSO-08 Controlling Exchanges with Suppliers of Functional Components
------+SSO-08.01B
------+SSO-08.02B
------+SSO-08.03B

1. Übersicht

Control and Monitoring of Service Providers and Suppliers (SSO)

Objective: Ensure the protection of information that service providers or suppliers of the cloud service provider (service organisation) can access and monitor the agreed services and security requirements.

Bezeichnung	Standard
SSO-01 Policies and Procedures for Controlling and Monitoring Service Organisations	-
SSO-02 Risk Assessment of Service Organisations	-
SSO-03 Data Processing of Service Organisations	-
SSO-04 Directory of Service Organisations	-
SSO-05 Monitoring of Compliance with Requirements	-
SSO-06 Contract Termination Strategy for Service Organisations	-
SSO-07 Ensuring Transparency within Service Organisations	-
SSO-08 Controlling Exchanges with Suppliers of Functional Components	-

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html

Impressum