EU Code of Conduct for Cloud Service Providers - A guide to compliance

Table of contents

1. Cover Image
2. Title Page
3. Copyright
4. About the Author
5. Contents
6. Introduction
   1. Why should my organisation use the Code?
   2. Scope and structure of the Code
7. Chapter 1: Data protection requirements
   1. 5.1 Terms and conditions of the Cloud services agreement
   2. 5.2 Processing personal data lawfully
   3. 5.3 Sub-processing
   4. 5.4 International transfers of customer’s personal data
   5. 5.5 Right to audit
   6. 5.6 Liability
   7. 5.7 Cooperation with the customer
   8. 5.8 Records of processing
   9. 5.9 Data protection point of contact
   10. 5.10 Rights of the data subject
   11. 5.11 Cooperation with supervisory authorities
   12. 5.12 Confidentiality of the processing
   13. 5.13 Assistance with personal data breaches
   14. 5.14 Termination of the Cloud services agreement
8. Chapter 2: Security requirements
   1. 6.1 General security requirements
9. Chapter 3: Detailed security objectives
   1. Objective 1 – Management direction for information security
   2. Objective 2 – Organisation of information security
   3. Objective 3 – Human resources security
   4. Objective 4 – Asset management
   5. Objective 5 – Access controls
   6. Objective 6 – Encryption
   7. Objective 7 – Physical and environmental security
   8. Objective 8 – Operational security
   9. Objective 9 – Communications security
   10. Objective 10 – System development and maintenance
   11. Objective 11 – Suppliers
   12. Objective 12 – Information security incident management
   13. Objective 13 – Information security in business continuity
10. Chapter 4: Transparency
11. Chapter 5: Assessment and certification
    1. Initial assessment
    2. Ongoing assessment and monitoring
12. Chapter 6: Conclusion
13. Further reading