+SOV-2-02-SI

1. Overview

SOV-2-02-SI

The audit rights may be derived from a contract or law that explicitly reserves the right for the federal or national authority to conduct audits. If possible, the authority tries to make use of existing audits (e.g., BSI C5, SOC 2 Type 2) before carrying out an audit. Any audit shall be conducted in accordance with the cloud service provider's strict security and confidentiality protocols, including defined notice periods, to protect the data of other tenants and the integrity of the data centre. While costs are a commercial matter, the right to audit is a regulatory mandate. Fees shall not be so high as to effectively deny this right.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

BSI C3A - Criteria enabling Cloud Computing Autonomy -
Copyright by Bundesamt für Sicherheit in der Informationstechnik

C3A - Criteria enabling Cloud Computing Autonomy

Published under Creative-Commons-License CC-BY-ND 4.0 International.