SSO-08 Controlling Exchanges with Suppliers of Functional Components
1. Overview
| Designation | Standard |
|---|---|
| SSO-08.01B | When functional components used for the provision of the cloud service may directly or indirectly access cloud service customer data, the cloud service provider defines and implements a policy according to SP-01 that does not allow a direct exchange between such components and their suppliers. A supplier of a functional component is typically a service organisation of the cloud service provider. The authorisation for the transfer may be automated. Content provided by the supplier refers to updates of the functional components. |
| SSO-08.02B | In addition, procedures are defined and implemented according to SP-01 that require the cloud service provider to authorise any content provided by a supplier for its functional components or to be sent from a functional component to its supplier. The authorisation takes place before the content is transferred and for each transfer. A supplier of a functional component is typically a service organisation of the cloud service provider. The authorisation for the transfer may be automated. Content provided by the supplier refers to updates of the functional components. |
| SSO-08.03B | When a procedure for authorising content before its transfer is automated, the cloud service provider implements it using a solution that maintains traces of: 1. The operations that are proposed by the functional component's supplier; 2. The verification that is performed to authorise the content before its transfer; and 3. The transfers, both incoming and outgoing, that are effectively performed. A supplier of a functional component is typically a service organisation of the cloud service provider. The authorisation for the transfer may be automated. Content provided by the supplier refers to updates of the functional components. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |