30th May 2018

From PHUSE Wiki
Jump to: navigation, search

Attendees: Anders, Andrew, Hans peter, Martin

Apologies: Stuart

Agenda:


  • Comments from Martin on framework paper version 3
    • How do you account for monitoring alerting standards for a cloud environment
    • We do not directly mention this as cloud is just about technology the basic requirements do not change
    • We have to make this more clear


  • Comment 16
  • The value of an on-site audit is not limited to an inspection of the data centre
    • Did we say this in the document ?


  • The fact that physical resources cannot be visually inspected does not mean there is nothing else to inspect, such as access controls and policies.
    • Anders - We start to make an assessment of third parties reports we also document this assessment
    • 'Provider's as facilities' sentence could be miss leading
    • Martin - There is one major cloud provider which is not willing to take place in the face to face audit
    • It reads as its ok if the vendor does not allow an outside inspection, we should not give a firm yes or no. We should highlight benefits of doing a face to face audit.