+COM-03.03B

1. Overview

COM-03.03B

Identified vulnerabilities and deviations as well as non-conformities from the applicable legal, regulatory, self-imposed and contractual requirements relevant to the information security of the cloud service, are subjected to a risk assessment in accordance with the risk management procedure (cf. OIS-07). Follow-up measures are defined and tracked (cf. OPS-18).

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html