Tuesday, October 4, 2011

Certifications and Attestations Related to Cloud Computing

 

  • ISO/IEC 27001:2005
    • Internationally recognized specification for an information security management system (ISMS), including processes for examining, controlling, and managing threats to information security.
  • SAS (Statement on Auditing Standards) 70 Type I and II
    • Standards used by auditors to evaluate and report on the controls (Type I) and the effectiveness of control activity over a period of time (Type II) for a service organization, including data hosting companies.
  • SOX (Sarbanes-Oxley)
    • U.S. securities law that dictates specific requirements for financial reporting by public companies. Its titles cover areas such as corporate responsibility, auditor independence, analyst conflicts of interest, and other subjects related to financial disclosures.
  • PCI DSS (Payment Card Industry Data Security Standard)
    • Security controls for credit card transactions.
  • FISMA (Federal Information Security Management Act)
    • U.S. federal law that mandates security standards for information technology systems in the federal government.
