Cloud Compliance Audit: Learn More On The Unified Certification Standard From The MSP Alliance

Cloud Compliance Audit

I have written previously about various types of audits that are necessary to validate your cloud service.  In this post, I will cover the cloud service audit that helps you pick the right cloud service provider (CSP). While it is important that customers take the initiative in checking the various guarantees offered by the vendor on their own, it is helpful to have an industry certification that verifies each of the major parameters and that backup the vendor’s claims.

The Unified Certification Standard (UCS) from the industry body, the International Association of Managed Service Providers (MSP Alliance), shows promise in this regard.

The UCS, previously known as the Managed Services Accreditation Program (MSAP), has auditors who visit the facilities of the CSPs that request to be audited, and evaluate the CSP on eleven major control objectives.

1. Provider organization, governance, planning and risk management

This verifies that the vendor company has established an organizational structure that will allow it to effectively manage their services and provide an appropriate level of risk management.

2. Documented policies and procedures

This part verifies that the employees are trained and made aware of compliance procedures and that there is a periodical review of those procedures.

3. Service change management

This part verifies that the vendor is properly documenting the capacity planning and control change operations.

4. Event management

Customer support is essential for cloud computing customers. Thus, the audit verifies that the vendor has an established ticketing system and a help desk, and that it staffs their Network Operations Center (NOC) with trained personnel.

5. Logical security

Physical access to the servers and password management procedures are verified in this audit.

6. Change management

This part of the audit verifies that changes to policies and systems are logged and documented.

7. Data integrity

Security of your organization’s data is very important, and in this audit the vendor’s policies concerning data access and security policies are evaluated.

8. Physical and environmental security

The vendor must have sufficient safeguards in its datacenter to protect itself against vandalism and other kind of attacks. Apart from this, the audit checks that the environment is sufficiently safe from natural forces and has an effective DR/BC (Disaster Recovery/Business Continuity) planning.

9. Service level agreements

The vendor must provide SLAs that are duly signed by the clients.

10. Client reporting, billing and satisfaction

The vendor must provide proper invoicing and billing and send periodic reports to its customers.

11. Financial health

To ensure that you have an uninterrupted access to your services, the vendor’s financial position must be stable and it must have been running a profitable business over the past six months.

All these factors are important for any cloud customer, and it would be great if all CSPs were accredited according to these objectives. Let us know, if your vendor is accredited by UCS and share your experiences.

By Balaji Viswanathan

Sorry, comments are closed for this post.

Comic
The Lighter Side Of The Cloud – Data Merge

The Lighter Side Of The Cloud – Data Merge

By Christian Mirra Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.

The Rise Of Threat Intelligence Sharing

The Rise Of Threat Intelligence Sharing

Threat Intelligence Sharing  Security has been discussed often on CloudTweaks and for good reason. It is one of the most sought after topics of information in the technology industry.  It is virtually impossible to wake up and not read a headline that involves the words “Breached, Hacked, Compromised or Extorted (Ransomware)“. Included (below) is an…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

Higher Education Institutions Increasing Cloud Use In Next 5 Years

Higher Education Institutions Increasing Cloud Use In Next 5 Years

Cloud Computing Advancing Edtech In a new research study by ResearchMoz it’s predicted that the global cloud computing market in higher education will grow steadily at a CAGR of 24.57% over the period 2016 to 2020. Making use of computing resources connected by either public or private networks provides the benefits of scalable infrastructure, greater…

Big Data and AI Hold Greatest Promise For Healthcare Technologies

Big Data and AI Hold Greatest Promise For Healthcare Technologies

Digital Healthcare Executives and Investors Addressed Opportunities and Challenges Facing the Industry New York City – September 21, 2016 – According to a survey of 122 founders, executives and investors in health-tech companies released today by Silicon Valley Bank, big data and artificial intelligence will have the greatest impact on the industry in the year ahead. Healthcare…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The cloud is capable of delivering many benefits, enabling greater collaboration, business agility, and speed to market. Cloud adoption in the enterprise has been growing fast. Worldwide spending on public cloud services will grow at a…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

Do Small Businesses Need Cloud Storage Service?

Do Small Businesses Need Cloud Storage Service?

Cloud Storage Services Not using cloud storage for your business yet? Cloud storage provides small businesses like yours with several advantages. Start using one now and look forward to the following benefits: Easy back-up of files According to Practicalecommerce, it provides small businesses with a way to back up their documents and files. No need…

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations Everyone knows what the cloud is, but does everybody know where the cloud is? We try to answer that as we look at some of the most unusual data centre locations in the world. Under the Eyes of a Deity Deep beneath the famous Uspenski Cathedral in the…

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications It’s no secret that organizations are embracing the cloud and all the benefits that it entails. Whether its cost savings, increased flexibility or enhanced productivity – businesses around the world are leveraging the cloud to scale their business and better serve their customers. They are using a variety of cloud solutions…

The Big Data Movement Gets Bigger

The Big Data Movement Gets Bigger

The Big Data Movement In recent years, Big Data and Cloud relations have been growing steadily. And while there have been many questions raised around how best to use the information being gathered, there is no question that there is a real future between the two. The growing importance of Big Data Scientists and the…

Cloud Infographic – Disaster Recovery

Cloud Infographic – Disaster Recovery

Disaster Recovery Business downtime can be detrimental without a proper disaster recovery plan in place. Only 6% of businesses that experience downtime without a plan will survive long term. Less than half of all businesses that experience a disaster are likely to reopen their doors. There are many causes of data loss and downtime —…