Cloud Computing Compliance Controls Catalogue (C5) | Table of Content
4 Framework conditions of the cloud service (surrounding parameters for transparency) 27
UP-01 System description 27
UP-02 Jurisdiction and data storage, processing and backup locations 27
UP-03 Disclosure and investigatory powers 28
UP-04 Certifications 28
5 Objectives and requirements 30
5.1 Organisation of information security 30
OIS-01 Information security management system (ISMS) 30
OIS-02 Strategic targets regarding information security and responsibility of the top management 30
OIS-03 Authorities and responsibilities in the framework of information security 31
OIS-04 Separation of functions 31
OIS-05 Contact with relevant government agencies and interest groups 32
OIS-06 Policy for the organization of the risk management 32
OIS-07 Identification, analysis, assessment and handling of risks 32
5.2 Security policies and work instructions 33
SA-01 Documentation, communication and provision of policies and instructions 33
SA-02 Review and approval of policies and instructions 34
SA-03 Deviations from existing policies and instructions 34
5.3 Personnel 35
HR-01 Security check of the background information 35
HR-02 Employment agreements 36
HR-03 Security training and awareness-raising programme 36
HR-04 Disciplinary measures 36
HR-05 Termination of the employment relationship or changes to the responsibilities 36