
Cloud Computing Compliance Controls Catalogue (C5) | Table of Content

4 Framework conditions of the cloud service (surrounding parameters for transparency) 27

• UP-01 System description 27
• UP-02 Jurisdiction and data storage, processing and backup locations 27
• UP-03 Disclosure and investigatory powers 28
• UP-04 Certifications 28

5 Objectives and requirements 30

5.1 Organisation of information security 30

• OIS-01 Information security management system (ISMS) 30
• OIS-02 Strategic targets regarding information security and responsibility of the top management 30
• OIS-03 Authorities and responsibilities in the framework of information security 31
• OIS-04 Separation of functions 31
• OIS-05 Contact with relevant government agencies and interest groups 32
• OIS-06 Policy for the organization of the risk management 32
• OIS-07 Identification, analysis, assessment and handling of risks 32

5.2 Security policies and work instructions 33

• SA-01 Documentation, communication and provision of policies and instructions 33
• SA-02 Review and approval of policies and instructions 34
• SA-03 Deviations from existing policies and instructions 34

5.3 Personnel 35

• HR-01 Security check of the background information 35
• HR-02 Employment agreements 36
• HR-03 Security training and awareness-raising programme 36
• HR-04 Disciplinary measures 36
• HR-05 Termination of the employment relationship or changes to the responsibilities 36

5.4 Asset management 37

• AM-01 Asset inventory 37
