+DEV-04.01B

1. Overview

DEV-04.01B

The cloud service provider provides a training programme for regular, role-based security training and awareness for internal and external personnel on standards and methods for:

1. Secure software development and provision as well as on how to use the tools used for this purpose; and
2. Risks linked to malicious code and best practices to reduce the impact of an infection.

This is a specialised criteria for safety training and awareness programmes for a particular target group. In HR-03, general properties of such trainings and programmes are defined.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html