30th May 2018
From PHUSE Wiki
Attendees: Anders, Andrew, Hans peter, Martin
- Comments from Martin on framework paper version 3
- How do you account for monitoring alerting standards for a cloud environment
- We do not directly mention this as cloud is just about technology the basic requirements do not change
- We have to make this more clear
- Comment 16
- The value of an on-site audit is not limited to an inspection of the data centre
- Did we say this in the document ?
- The fact that physical resources cannot be visually inspected does not mean there is nothing else to inspect, such as access controls and policies.
- Anders - We start to make an assessment of third parties reports we also document this assessment
- 'Provider's as facilities' sentence could be miss leading
- Martin - There is one major cloud provider which is not willing to take place in the face to face audit
- It reads as its ok if the vendor does not allow an outside inspection, we should not give a firm yes or no. We should highlight benefits of doing a face to face audit.