Compliance Audit: Learn More On The Unified Certification Standard

Cloud Compliance Audit

I have written previously about various types of audits that are necessary to validate your cloud service.  In this post, I will cover the cloud service audit that helps you pick the right cloud service provider (CSP). While it is important that customers take the initiative in checking the various guarantees offered by the vendor on their own, it is helpful to have an industry certification that verifies each of the major parameters and that backup the vendor’s claims.

The Unified Certification Standard (UCS) from the industry body, the International Association of Managed Service Providers (MSP Alliance), shows promise in this regard.

The UCS, previously known as the Managed Services Accreditation Program (MSAP), has auditors who visit the facilities of the CSPs that request to be audited, and evaluate the CSP on eleven major control objectives.

1. Provider organization, governance, planning and risk management

This verifies that the vendor company has established an organizational structure that will allow it to effectively manage their services and provide an appropriate level of risk management.

2. Documented policies and procedures

This part verifies that the employees are trained and made aware of compliance procedures and that there is a periodical review of those procedures.

3. Service change management

This part verifies that the vendor is properly documenting the capacity planning and control change operations.

4. Event management

Customer support is essential for cloud computing customers. Thus, the audit verifies that the vendor has an established ticketing system and a help desk, and that it staffs their Network Operations Center (NOC) with trained personnel.

5. Logical security

Physical access to the servers and password management procedures are verified in this audit.

6. Change management

This part of the audit verifies that changes to policies and systems are logged and documented.

7. Data integrity

Security of your organization’s data is very important, and in this audit the vendor’s policies concerning data access and security policies are evaluated.

8. Physical and environmental security

The vendor must have sufficient safeguards in its datacenter to protect itself against vandalism and other kind of attacks. Apart from this, the audit checks that the environment is sufficiently safe from natural forces and has an effective DR/BC (Disaster Recovery/Business Continuity) planning.

9. Service level agreements

The vendor must provide SLAs that are duly signed by the clients.

10. Client reporting, billing and satisfaction

The vendor must provide proper invoicing and billing and send periodic reports to its customers.

11. Financial health

To ensure that you have an uninterrupted access to your services, the vendor’s financial position must be stable and it must have been running a profitable business over the past six months.

All these factors are important for any cloud customer, and it would be great if all CSPs were accredited according to these objectives. Let us know, if your vendor is accredited by UCS and share your experiences.

By Balaji Viswanathan

Alex Brisbourne

Industrial IoT Cyberattacks Continue To Rise

IoT Industrial Security The Internet of Things (IoT) includes both traditional electronics and everyday ‘things’ embedded with sensors, computing, and networking capabilities. From smart coffee makers and smart homes to smart lighting and smart cities, ...
David Gevorkian

Website Accessibility: Compliancy, Laws and Best Practices

Key to Making Your Website Accessible The internet has changed the education sector in so many ways. With e-learning, more people around the globe are able to access high-quality education and advance their careers. E-learning ...
Patrick Joggerst

Payments Companies Will Always See ROI on Embedded Real Time Communications

ROI on Embedded Real Time Communications Without secure, real time communications applications, the financial services industry could literally come to a standstill. While transactions are driven by data, the human voice and human messaging continues ...
Trust Report

Profit-Driving Strategies for 2020, Backed by Data

Profit-Driving Strategies Since 2019 is coming to a close, the time has come for businesses to evaluate what they can do to propel profits in 2020. The vast array of possibilities can make an enterprise's ...
DSP

How DSPs Can Proactively Improve Broadband Performance Issues by 45%?

DSPs Can Proactively Improve Broadband Performance 67% of customers who contact their Digital Service Provider’s (DSP’s) customer service report broadband issues. Around 26% of customers report inconsistent internet speed causing work from home issues during ...
Staeadfast

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist at Steadfast Networks, which specializes in Colocation, Managed Infrastructure as ...