+SSO-04 Directory of Service Organisations
---+SSO-04.01B
---+SSO-04.02B

1. Übersicht

SSO-04 Directory of Service Organisations

SSO-04.01B

The cloud service provider maintains a directory for controlling and monitoring the service organisations that contribute services to the delivery of the cloud service. The following information is maintained in the directory:

1. Company name;
2. Address of the head office;
3. Applicable legal jurisdiction;
4. Locations where cloud service customer data, cloud service derived data, cloud service provider data and account data is processed and stored;
5. Responsible contact group/person at the service organisation;
6. Responsible contact group/person at the cloud service provider;
7. Description of the service;
8. Classification based on the risk assessment;
9. Beginning of service usage; and
10. Proof of compliance with contractually agreed requirements.

It is not necessary to maintain a single central register in order to fulfil the basic criterion.

SSO-04.02B

The inventory is reviewed at least annually for completeness, accuracy and validity of the information.

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html