30th May 2018

From PHUSE Wiki
Revision as of 09:48, 10 August 2018 by Laurenwhite (talk | contribs) (Created page with "'''Attendees''': Anders, Andrew, Hans peter, Martin '''Apologies''': Stuart '''Agenda''': *Comments from Martin on framework paper version 3 **How do you account for mo...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Attendees: Anders, Andrew, Hans peter, Martin

Apologies: Stuart


  • Comments from Martin on framework paper version 3
    • How do you account for monitoring alerting standards for a cloud environment
    • We do not directly mention this as cloud is just about technology the basic requirements do not change
    • We have to make this more clear

  • Comment 16
  • The value of an on-site audit is not limited to an inspection of the data centre
    • Did we say this in the document ?

  • The fact that physical resources cannot be visually inspected does not mean there is nothing else to inspect, such as access controls and policies.
    • Anders - We start to make an assessment of third parties reports we also document this assessment
    • 'Provider's as facilities' sentence could be miss leading
    • Martin - There is one major cloud provider which is not willing to take place in the face to face audit
    • It reads as its ok if the vendor does not allow an outside inspection, we should not give a firm yes or no. We should highlight benefits of doing a face to face audit.