Standards – Cloud assurance compliance


The following compliance standards and regulations are relevant to cloud service customers and cloud service providers.

| Standard | Description |
|---|---|
| SAS70 | Auditor’s statement on the effectiveness of the internal controls |
| PCI-DSS v2.0 | Security requirements for payment processing systems |
| NIST SP800-53 | Recommended Security Controls for Federal Information Systems and Organizations |
| ISO27002:2007 | Code of practice for information security management |
| ISO27001:2005 | Information security management systems (ISMS) |
| ISAE3402 | International standard on assurance engagement – Assurance reports on controls at a service organisation |
| HIPAA | Health Insurance Portability and Accountability Act, technological requirements for health care systems. §164 is relevant to cloud. |
| FedRAMP | Proposed Security Assessment & Authorization for U.S. Government Cloud Computing (based on NIST SP800-53) |
| CCM v1.1 | CSA’s Cloud Control Matrix v1.1. Mapping of general cloud controls to popular security standards. |
| 2009/136/EC | The “Cookie directive”, regarding privacy guidelines |