Public Cloud Security Standard template

Public Cloud Security Standard

The Public Cloud Security Standard (the Standard) establishes security requirements and controls to maintain the Confidentiality, integrity, and availability of the Company’s data in the public cloud.

The Public Cloud Security Standard is established to ensure proper and effective use of cloud-based services to protect Company’s data and assets. The public cloud is multi-tenant environment and offers limited control over hosted data and services. Lack of sufficient security controls may lead to disclosure of sensitive or confidential data or may adversely impact the data integrity or service availability. This may result in legal, regulatory or contractual non-compliance and reputational loss to the Company.

This standard applies to Company information assets that process or store Company information and to all personnel with access to such assets. This includes any systems operating within Company’s network as well as any third party hosted services. This standard is limited to Company public cloud infrastructure; controls included in this standard are not applicable to private cloud infrastructure.

A public cloud is one in which the infrastructure and computational resources are made available to the general public as a multitenancy service on shared physical resources, generally accessed over the Internet. It is owned and operated by a cloud provider delivering cloud services to consumers and, by definition, is external to the consumers’ organizations.

A private cloud is one in which the computing environment is operated exclusively for a single organization. It may be managed by the organization or by a third party. It may also be hosted within an organization’s data center or a third-party data center.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. COMPARISON OF TRADITIONAL MODEL VERSUS CLOUD SERVICE DELIVERY MODELS
4. STANDARD
4.1 GOVERNANCE
4.2 GENERAL CONTROLS
4.3 IDENTITY AND ACCESS MANAGEMENT (IAM) CONTROLS
4.4 IAAS / PAAS CONTROLS
4.5 SAAS CONTROLS
5. ROLES AND RESPONSIBILITIES
6. EXCEPTIONS
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION

Pages: 17

Review Public Cloud Security Standard.

Related Products:

€1,699.00

Purchase

This bundle contains all the products listed in the Data Governance section. Take advantage of the 25% OFF when buying the bundle!

€79.00

Purchase

The objective of the Business Continuity Management Policy is to establish the framework for the proper business continuity management of the Company.

€79.00

Purchase

The purpose of this Business Continuity Plan Procedure is to provide an effective, fit-for-purpose, predefined and documented framework and process to enable the Business Continuity Management of the Company’s Mission Critical Activities and their dependencies.