1. Overview
SSO-07 Ensuring Transparency within Service Organisations
| Designation | Standard |
| --- | --- |
| SSO-07.01B | The cloud service provider designs, implements and maintains controls to ensure transparency within its service organisations with respect to the following aspects: 1. Data flow and interfaces between the cloud service provider and service organisations used by the cloud service provider are documented, including measures regarding the secure transmission and access control for data shared with service organisations; and 2. Cloud service customers are informed of service organisations used by the cloud service provider for development and operation of the cloud service and what type of data these service organisations and their subcontractors are processing. Cloud service customers are informed which of the service organisations themselves use subcontractors to process cloud service customer data. This criterion addresses the need for managing supply chain risks (e.g. service organisation vulnerabilities, data handling practices, compliance gaps or operational disruptions) and for those risks to be communicated to cloud service customers, enabling them to monitor and manage their own supply chain risks effectively. |
| SSO-07.02B | The cloud service provider documents this information and reviews its completeness, accuracy and validity at least annually. |
| SSO-07.01AS | The cloud service provider designs, implements and maintains controls to ensure transparency within its service organisations with respect to the following aspects: 1. Data flow and interfaces between the cloud service provider and service organisations used by the cloud service provider are documented, including measures regarding the secure transmission and access control for data shared with service organisations; and 2. Cloud service customers are informed of service organisations and their subcontractors used by the cloud service provider for development and operation of the cloud service and what type of data these service organisations and their subcontractors are processing. Cloud service customers are informed which of the service organisations themselves use subcontractors to process cloud service customer data. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
| --- | --- |
3. Related Regulations
Regulations
| Source | Regulation |
| --- | --- |