Scribd
Upload
16 views1 page

Table of Co: Cloud Computing Compliance Controls Catalogue (C5)

The document is a table of contents for the Cloud Computing Compliance Controls Catalogue (C5). Section 1 introduces the current situation and uniform requirements based on standards. Section 2 describes the structure and contents of C5, including control areas and underlying standards. Section 3 discusses proving conformity through independent audits, including auditing standards, the audit scope, objectives, and reporting. It also covers separate BSI requirements for auditors and updates to C5.

Uploaded by

SNFK2018
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views1 page

Table of Co: Cloud Computing Compliance Controls Catalogue (C5)

The document is a table of contents for the Cloud Computing Compliance Controls Catalogue (C5). Section 1 introduces the current situation and uniform requirements based on standards. Section 2 describes the structure and contents of C5, including control areas and underlying standards. Section 3 discusses proving conformity through independent audits, including auditing standards, the audit scope, objectives, and reporting. It also covers separate BSI requirements for auditors and updates to C5.

Uploaded by

SNFK2018
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Cloud Computing ComplianCe Controls Catalogue (C5) | taBle oF Content

Table of Co

1 Introduction 10

1.1 Current situation 10

1.2 Uniform requirements based on existing standards 10

2 Structure and contents of C5 13

2.1 Structure of C5 13

2.2 Content-related presentation of the controls areas 14

2.3 Underlying national and international standards 16

3 Proving conformity with the requirements by an independent audit 18

3.1 Introduction 18

3.2 Auditing standards and criteria 18

3.2.1 ISAE 3000 (Revised) as auditing standard 18


3.2.2 Correspondingly applying further auditing standards 19
3.2.3 Criteria 20

3.3 Subject of the audit including system description 20

3.3.1 Subject of the audit 20


3.3.2 System description of the cloud provider 21
3.3.3 Use of evidence from other audits 22

3.4 Audit objective and reporting 23

3.4.1 Audit objective 23


3.4.2 Reporting of the auditor 23

3.5 Separate and supplementary requirements of the BSI 23

3.5.1 Qualification of the auditor 23


3.5.2 Reporting on existing and/or identified exceptions to
the requirements 24
3.5.3 Information on the limitation of liability 24
3.5.4 Updates of C5 25

3.6 Application notes for potential cloud customers: Regular


audits and contractual assurance 25

You might also like