• Home

  • Documents

  • Cloud Assurance poster - Print this poster on A3 format and use it as a checklist
1
Business challenges in the cloud Security & Privacy Governance Operations Finance & Tax Vendors Assurance Third party vendor(s) Cloud service provider Network Customer organisation Data centre Cloud services ecosystem • Are any third party vendors involved which could potentially impact compliance? • What is the third party vendor’s role? • What is the relationship between the primary cloud service provider and the third party? • What level of assurance does the third party offer the primary cloud service provider? • Is this level of assurance sufficient to achieve and maintain compliance? • How is the entire cloud system monitored in terms of compliance? Data location • Where is the customer’s data stored, processed and archived? • How is the customer’s data isolated and separated from other customer data? • Within which jurisdiction does the provider and its data centre fall? • What are the data deletion/destruction policies after termination of the contract? Public cloud • To what level/degree are the IT services shared with other customers (facilities, network, hardware, software, support staff)? • To what level/degree are the IT services standardised; what is the IT services customisation potential? • How does the provider support forensic analysis by independent researchers? Certifications • What assurance and quality statements can the provider offer? • Which frameworks are used? • Which audit tools and methods are used? • Are all risk areas covered by the controls? • What is the validity/acceptance of the frameworks used? • What are the intervals for (re)certification? • Are the current certifications up-to-date? • What are the provider’s current deficiencies and issues and what is the status of the follow-ups? Regulatory compliance • Data privacy directive • Basel • Solvency • SOx • PCI DSS Trends and changes • What current initiatives are underway and what changes can be expected? • What are the political fields of influence? • How do other organisations cope with rules and regulations? Licence to operate • Which (local, international) laws, rules and directives apply to the customer organisation? • Which IT services are in scope of regulatory compliance? • What is the current level of compliance? Data protection and business continuity • What is the criticality of the business data? • What are the organisation’s principles, requirements and expected levels regarding IT services? • What are the minimum measures and controls which must be in place? External private cloud • To what level/degree are the IT services dedicated to customer (facilities, network, hardware, software, support staff)? • To what extent can the IT environment be audited by the customer (‘right to audit’)? Network resilience • What degree of assurance does the network offer in terms of availability and performance? • What security mechanisms are applied to the network(s)? • What is the relationship between the cloud service provider(s) and the network provider(s)? Security and performance • Security standards • Business continuity • Service availability • SLAs Key contacts Jaap van Beek | Partner T: +31 6 5325 6697 E: [email protected] John Hermans | Partner T: +31 6 5136 6389 E: [email protected] Areas of importance and key questions Orchestrating the Cloud: Assurance

Cloud Assurance poster - Print this poster on A3 format and use it as a checklist

  • Upload
    mike-c

  • View
    949

  • Download
    3

Embed Size (px)

DESCRIPTION

KPMG's cloud assurance poster - print it on A3 format or bigger and use it as a handy checklist

Citation preview

Page 1: Cloud Assurance poster - Print this poster on A3 format and use it as a checklist

Business challenges

in the cloud

Security&

Privacy

Governance

Operations

Finance&

Tax

Vendors

Assurance

Third party vendor(s)

Cloud service provider

Network

Customer organisation

Data centre

Cloud services ecosystem• Areanythirdpartyvendorsinvolvedwhich

couldpotentiallyimpactcompliance?• Whatisthethirdpartyvendor’srole?• Whatistherelationshipbetweentheprimary

cloudserviceproviderandthethirdparty?• Whatlevelofassurancedoesthethirdparty

offertheprimarycloudserviceprovider?• Isthislevelofassurancesufficienttoachieve

andmaintaincompliance?• Howistheentirecloudsystemmonitoredin

termsofcompliance?

Data location• Whereisthecustomer’sdatastored,

processedandarchived?• Howisthecustomer’sdataisolatedand

separatedfromothercustomerdata?• Withinwhichjurisdictiondoestheprovider

anditsdatacentrefall?• Whatarethedatadeletion/destruction

policiesafterterminationofthecontract?

Public cloud• Towhatlevel/degreearetheITservicesshared

withothercustomers(facilities,network,hardware,software,supportstaff)?

• Towhatlevel/degreearetheITservicesstandardised;whatistheITservicescustomisationpotential?

• Howdoestheprovidersupportforensicanalysisbyindependentresearchers?

Certifications• Whatassuranceandqualitystatementscan

theprovideroffer?• Whichframeworksareused?• Whichaudittoolsandmethodsareused?• Areallriskareascoveredbythecontrols?• Whatisthevalidity/acceptanceofthe

frameworksused?• Whataretheintervalsfor(re)certification?• Arethecurrentcertificationsup-to-date?• Whataretheprovider’scurrentdeficienciesand

issuesandwhatisthestatusofthefollow-ups?

Regulatory compliance

•Dataprivacydirective•Basel•Solvency•SOx•PCIDSS

Trends and changes• Whatcurrentinitiativesareunderwayand

whatchangescanbeexpected?• Whatarethepoliticalfieldsofinfluence?• Howdootherorganisationscopewithrules

andregulations?

Licence to operate• Which(local,international)laws,rulesand

directivesapplytothecustomerorganisation?• WhichITservicesareinscopeofregulatory

compliance?• Whatisthecurrentlevelofcompliance?

Data protection and business continuity• Whatisthecriticalityofthebusinessdata?• Whataretheorganisation’sprinciples,

requirementsandexpectedlevelsregardingITservices?

• Whataretheminimummeasuresandcontrolswhichmustbeinplace?

External private cloud• Towhatlevel/degreearetheITservices

dedicatedtocustomer(facilities,network,hardware,software,supportstaff)?

• TowhatextentcantheITenvironmentbeauditedbythecustomer(‘righttoaudit’)?

Network resilience• Whatdegreeofassurancedoesthenetwork

offerintermsofavailabilityandperformance?• Whatsecuritymechanismsareappliedto

thenetwork(s)?• Whatistherelationshipbetweenthecloud

serviceprovider(s)andthenetworkprovider(s)?

Security and performance

•Securitystandards•Businesscontinuity•Serviceavailability•SLAs

Key contacts

JaapvanBeek|PartnerT:+31653256697E:[email protected]

JohnHermans|PartnerT:+31651366389E:[email protected]

Areas of importance and key questions

Orchestrating the Cloud: Assurance

Galileocomputing Poster Check Point a3

Galileocomputing Poster Check Point a3

Documents
Offer poster a3 aw

Offer poster a3 aw

Documents
A3 Poster New Design · Title: A3 Poster New Design.indd Created Date: 8/3/2016 2:12:34 PM

A3 Poster New Design · Title: A3 Poster New Design.indd Created Date: 8/3/2016 2:12:34 PM

Documents
Additional Tasks Poster A3 col - EMSSA · Title: Additional Tasks Poster A3 col.indd Created Date: 20121026044643Z

Additional Tasks Poster A3 col - EMSSA · Title: Additional Tasks Poster A3 col.indd Created Date: 20121026044643Z

Documents
Cubs100 A3 poster

Cubs100 A3 poster

Documents
A3 poster for film Festival

A3 poster for film Festival

Documents
a3 POSTER - FOR PRINTING2

a3 POSTER - FOR PRINTING2

Documents
Clinidirect home delivery a3 poster

Clinidirect home delivery a3 poster

Documents
Boxing Day A3 Landscape Poster

Boxing Day A3 Landscape Poster

Documents
StatusNo Poster - Style 1 - A3

StatusNo Poster - Style 1 - A3

Documents
Dangerous Times Festival A3 poster

Dangerous Times Festival A3 poster

Documents
Osvaldo Tchissola A3 PDF Poster

Osvaldo Tchissola A3 PDF Poster

Documents
Poster A3 de l'apdf.pourlesciences

Poster A3 de l'apdf.pourlesciences

Education
Poster A3 PLANET last · Poster A3 PLANET_last.psd Author: Alessandro Created Date: 1/21/2019 6:11:37 PM

Poster A3 PLANET last · Poster A3 PLANET_last.psd Author: Alessandro Created Date: 1/21/2019 6:11:37 PM

Documents
CHAS A3 Poster English

CHAS A3 Poster English

Documents
Poster a3 print

Poster a3 print

Documents
Elements poster A3 UPDATED

Elements poster A3 UPDATED

Documents
Mega poster 02 a3

Mega poster 02 a3

Design
A3 Poster - Supporting our Diggers

A3 Poster - Supporting our Diggers

Documents
A3 MADE Poster Designs

A3 MADE Poster Designs

Documents
2586 A3 Poster v10 - Institute of Biomedical Science...Title 2586 A3 Poster v10.indd Created Date 20190305171356Z

2586 A3 Poster v10 - Institute of Biomedical Science...Title 2586 A3 Poster v10.indd Created Date 20190305171356Z

Documents
HSC A3 poster 2015.pdf

HSC A3 poster 2015.pdf

Documents
StatusNo Poster - Style 2 - A3

StatusNo Poster - Style 2 - A3

Documents
Holden A3 Poster

Holden A3 Poster

Documents
PowerPoint poster a3 in vector graphics

PowerPoint poster a3 in vector graphics

Design
music night poster a3 - tpomps.edu.hk

music night poster a3 - tpomps.edu.hk

Documents
PH -A3 poster 181115

PH -A3 poster 181115

Documents
A3 poster 30.1.15

A3 poster 30.1.15

Documents
A3 Poster 27.3.15

A3 Poster 27.3.15

Documents
Rob Burrow A3 Indies Poster

Rob Burrow A3 Indies Poster

Documents