Cloud Compliance Audit: Learn More On The Unified Certification Standard From The MSP Alliance

Cloud Compliance Audit

I have written previously about various types of audits that are necessary to validate your cloud service. In this post, I will cover the cloud service audit that helps you pick the right cloud service provider (CSP). While it is important that customers take the initiative in checking the various guarantees offered by the vendor on their own, it is helpful to have an industry certification that verifies each of the major parameters and backs up the vendor’s claims.

The Unified Certification Standard (UCS) from the industry body, the International Association of Managed Service Providers (MSP Alliance), shows promise in this regard.

The UCS, previously known as the Managed Services Accreditation Program (MSAP), has auditors who visit the facilities of the CSPs that request to be audited, and evaluate the CSP on eleven major control objectives.

1. Provider organization, governance, planning and risk management

This verifies that the vendor company has established an organizational structure that will allow it to effectively manage its services and provide an appropriate level of risk management.

2. Documented policies and procedures

This part verifies that employees are trained and made aware of compliance procedures and that there is a periodic review of those procedures.

3. Service change management

This part verifies that the vendor is properly documenting the capacity planning and control change operations.

4. Event management

Customer support is essential for cloud computing customers. Thus, the audit verifies that the vendor has an established ticketing system and a help desk, and that it staffs its Network Operations Center (NOC) with trained personnel.

5. Logical security

Physical access to the servers and password management procedures are verified in this audit.

6. Change management

This part of the audit verifies that changes to policies and systems are logged and documented.

7. Data integrity

Security of your organization’s data is very important, and in this audit the vendor’s data access and security policies are evaluated.

8. Physical and environmental security

The vendor must have sufficient safeguards in its datacenter to protect itself against vandalism and other kinds of attacks. Apart from this, the audit checks that the environment is sufficiently safe from natural forces and has effective DR/BC (Disaster Recovery/Business Continuity) planning.

9. Service level agreements

The vendor must provide SLAs that are duly signed by the clients.

10. Client reporting, billing and satisfaction

The vendor must provide proper invoicing and billing and send periodic reports to its customers.

11. Financial health

To ensure that you have uninterrupted access to your services, the vendor’s financial position must be stable and it must have been running a profitable business over the past six months.

All these factors are important for any cloud customer, and it would be great if all CSPs were accredited according to these objectives. Let us know if your vendor is accredited by UCS, and share your experiences.

By Balaji Viswanathan
