Compliance Audit: Learn More On The Unified Certification Standard

Cloud Compliance Audit

I have written previously about various types of audits that are necessary to validate your cloud service.  In this post, I will cover the cloud service audit that helps you pick the right cloud service provider (CSP). While it is important that customers take the initiative in checking the various guarantees offered by the vendor on their own, it is helpful to have an industry certification that verifies each of the major parameters and that backup the vendor’s claims.

The Unified Certification Standard (UCS) from the industry body, the International Association of Managed Service Providers (MSP Alliance), shows promise in this regard.

The UCS, previously known as the Managed Services Accreditation Program (MSAP), has auditors who visit the facilities of the CSPs that request to be audited, and evaluate the CSP on eleven major control objectives.

1. Provider organization, governance, planning and risk management

This verifies that the vendor company has established an organizational structure that will allow it to effectively manage their services and provide an appropriate level of risk management.

2. Documented policies and procedures

This part verifies that the employees are trained and made aware of compliance procedures and that there is a periodical review of those procedures.

3. Service change management

This part verifies that the vendor is properly documenting the capacity planning and control change operations.

4. Event management

Customer support is essential for cloud computing customers. Thus, the audit verifies that the vendor has an established ticketing system and a help desk, and that it staffs their Network Operations Center (NOC) with trained personnel.

5. Logical security

Physical access to the servers and password management procedures are verified in this audit.

6. Change management

This part of the audit verifies that changes to policies and systems are logged and documented.

7. Data integrity

Security of your organization’s data is very important, and in this audit the vendor’s policies concerning data access and security policies are evaluated.

8. Physical and environmental security

The vendor must have sufficient safeguards in its datacenter to protect itself against vandalism and other kind of attacks. Apart from this, the audit checks that the environment is sufficiently safe from natural forces and has an effective DR/BC (Disaster Recovery/Business Continuity) planning.

9. Service level agreements

The vendor must provide SLAs that are duly signed by the clients.

10. Client reporting, billing and satisfaction

The vendor must provide proper invoicing and billing and send periodic reports to its customers.

11. Financial health

To ensure that you have an uninterrupted access to your services, the vendor’s financial position must be stable and it must have been running a profitable business over the past six months.

All these factors are important for any cloud customer, and it would be great if all CSPs were accredited according to these objectives. Let us know, if your vendor is accredited by UCS and share your experiences.

By Balaji Viswanathan

Kevin Ovalle Anderson Frank

How cloud-based business management can help an SMB go global

Global SMB Business Management Most companies today are familiar with the cloud; using software-as-a-service (SaaS) apps and customer relationship management (CRM) for years. However, many businesses are now running the whole show from the cloud ...
Meta Data

Data-Driven PPC and The Benefits Of Drilling Down On The Data

Drilling Down On Big Data Running a pay per click campaign for your business, which isn’t driven by detailed metrics, offers no more than the hit-and-hope approach which a billboard in the 80’s may have ...
Patrick Joggerst

From Virtualization to Cloudification: Transforming Networks, Now What?

Virtualization to Cloudification As we head into the next decade of telecommunications network technology transformation, we find ourselves at a pivotal moment as the era of virtualization becomes the new era of cloudification. Real-time communications ...
Ajay

Deep learning to avoid real time computation

Avoid real time computation “The underlying physical laws necessary for the mathematical theory of a large part of physics and the whole of chemistry are thus completely known, and the difficulty is only that the ...
Brad Thies

System Vulnerabilities Are an Issue for Everyone

System Vulnerabilities Are an Issue for Everyone Over the past decade, we have seen a drastic increase in the number of companies relying on cloud services. Given the nature of the cloud as a shared-resource ...
Johan

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their company to contribute and make the Internet better. Today - ...