
Partnering Trust: Enabling trust in the digital online economy - PowerPoint PPT Presentation


  1. Partnering Trust: “Enabling trust in the digital online economy”

  2. Partnering Trust: Speakers
  Michiel Steltman
  • Project lead, Partnering Trust
  • Director, DINL
  • Member, NL forum standardization
  Thomas Niessen
  • MD, Kompetenznetzwerk Trusted Cloud
  • Managed largest German innovation programs (Internet of Services/Cloud)
  • VP, software company specialized in information retrieval/Big Data
  Bianca Smit
  • Certified auditor (RA)
  • Examiner, Financial auditing, Amsterdam University
  • Lecturer Financial Accounting, Nyenrode Business University
  Jeroen van Schajik
  • IT audit partner, BDO Audit & Assurance
  • Responsible for the NL SOC (Service Organization Control) assurance practice
  • Board member, NOREA
  • Involved in development of Zeker Online

  3. “Enabling trust in the digital online economy”

  4. Partnering Trust: Ambitions
  • Generic processing agreements
  • Information Security Baselines
  • Reusable and standardized audit reports
  • DPA Endorsement
  • International level playing field

  5. Certification and assurance: an example
  Service chain: IT Services Management, Invoice Management, Financial Administration, Datacenter, Global hosting provider
  Stakeholders: such as (end)users, tax authorities, oversight boards, supervisory boards, accountants and shareholders

  6. Certification versus assurance reports
  Spectrum from TRUST ME, TELL ME, SHOW ME to PROVE ME: dependent on the relation between service organisation and client (subjective) to objective
  • ISO certification
  • SLA/DAP-reporting
  • Periodic meetings
  • ISAE 3000 (SOC 2) Type 1
  • ISAE 3000 (SOC 2) Type 2
  • ISAE 3402 (SOC 1) Type 1
  • ISAE 3402 (SOC 1) Type 2

  7. ISAE 3000: SOC 2 implementation (controls)
  • Security: 28 criteria (= baseline)
  • Confidentiality: 6 additional criteria
  • Availability: 3 additional criteria
  • Processing integrity: 6 additional criteria
  • Privacy: 6 additional criteria (USA)

  8. Frameworks with mapping to SOC 2

  9. Cloud Computing

  10. Quality Requirements & desired Chain
  • Legal requirements
  • Technical requirements
  • End users
  • IT Organization: Infrastructure, Security
  • SaaS Application: Generic, Structure, Specific
  • PaaS
  • IaaS

  11. Certification versus assurance reports
  Spectrum from TRUST ME, TELL ME, SHOW ME to PROVE ME: dependent on the relation between service organisation and client (subjective) to objective
  • ISO certification
  • SLA/DAP-reporting
  • Periodic meetings
  • ISAE 3000 (SOC 2) Type 1
  • ISAE 3000 (SOC 2) Type 2
  • ISAE 3402 (SOC 1) Type 1
  • ISAE 3402 (SOC 1) Type 2

  12. Community
  • Supervisory board: adoption of the framework
  • Workgroup Auditors
  • Stichting Zeker-Online: grantor of the certification
  • Standard Setting
  • Participant Council: advise
  • Cie

  13. Summary
  • Initiative of innovative players
  • Pro-active in the new data-economy
  • Market demand for ‘trusted’ online services
  • Data protection, privacy
  • Cooperation between government and industry
  • Demand for independent ‘assurance’ providing
  • SaaS - PaaS - IaaS - …… Chain security!!

  14. Trusted Cloud Label
  • Cloud provider applies
  • External auditor examines the application
  • Advisory Board makes decision on application
  • Label is awarded, service is listed
  Stakeholders:
  Patronage:

  15. Criteria of Trusted Cloud Label
  • Service Management
  • Data Privacy / Protection
  • Flexibility
  • Transparency
  • Quality
  • Continuity Management
  • Security Aspects

  16. Aims of co-operation
  All labels ensure:
  • Increasing confidence in cloud computing (security aspect)
  • Helping to minimize the risk of exploitation
  • Building up transparency about cloud computing and cloud services
  • Professionalisation of cloud services (security, services etc.)
  GDPR, Article 42/43 - Certification: “…establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. The specific needs of micro, small and medium-sized enterprises shall be taken into account.”
  Harmonization of the existing labels:
  • Common criteria
  • Criteria for special target groups
  • Processes to apply for a label
  • Identify best practices

  17. Roadmap
  • June 2016: First exchange for information
  • December 2016: Memorandum for cooperation, signing MoU
  • February 2017: Comparison of the controls of Trusted Cloud, Zeker Online and Label Cloud
  • May 2017: Harmonizing controls/modularisation
  • August 2017: Harmonizing processes
  • December 2017: Extending international co-operation
  • May 2018: Adaption to GDPR, Accreditations
  Further development of criteria; need to be accredited at the national agencies

  18. Partnering Trust: “Enabling trust in the digital online economy”
  • Mail Trusted Cloud: niessen@trusted-cloud.de
  • Mail BDO: Jeroen.van.Schajik@bdo.nl
  • Mail Zeker-OnLine: info@zeker-OnLine.nl
  • Mail ECP: info@Ecp.nl
