Already a subscriber? 
MADCAD.com Free Trial
Sign up for a 3 day free trial to explore the MADCAD.com interface, PLUS access the
2009 International Building Code to see how it all works.
If you like to setup a quick demo, let us know at support@madcad.com
or +1 800.798.9296 and we will be happy to schedule a webinar for you.
Security check
Please login to your personal account to use this feature.
Please login to your authorized staff account to use this feature.
Are you sure you want to empty the cart?
PD ISO/IEC TR 3445:2022 Information technology. Cloud computing. Audit of cloud services, 2022
- National foreword
- Foreword
- Introduction
- 1 Scope
- 2 Normative references
- 3 Terms and definitions [Go to Page]
- 3.1 Terms related to the use of audit and assessment
- 3.2 Terms related to cloud service audit
- 4 Abbreviated terms
- 5 Overview of cloud computing and the activities of a cloud auditor [Go to Page]
- 5.1 Overview of cloud computing [Go to Page]
- 5.1.1 General
- 5.1.2 Cloud computing roles, sub-roles and activities
- 5.2 Overview of the activities of a cloud auditor [Go to Page]
- 5.2.1 Cloud auditor
- 5.2.2 Responsibilities of a cloud auditor
- 5.2.3 Cloud auditor’s cloud computing activities
- 5.2.4 Relationship of the cloud auditor to CSPs, CSCs, and other CSNs
- 6 Overview of the audit of cloud services [Go to Page]
- 6.1 General
- 6.2 Objectives of an audit of cloud service [Go to Page]
- 6.2.1 General
- 6.2.2 Audit objectives
- 6.2.3 Audit boundaries
- 6.2.4 Relationship of an audit and the organization
- 6.3 Types of cloud audit [Go to Page]
- 6.3.1 Overview
- 6.3.2 Internal audit
- 6.3.3 External audit
- 6.3.4 Exemplary tests and audits
- 6.3.5 Relationship between audit and assessment for cloud computing
- 6.3.6 Relationships among audit processes and reports
- 6.3.7 Conformity Assessment – Objectives and expectations
- 6.4 Cloud audit and trust
- 7 Audit specifications and challenges [Go to Page]
- 7.1 Overview
- 7.2 Establishing audit scope
- 7.3 Audit risk assessment [Go to Page]
- 7.3.1 General
- 7.3.2 Risk assessment of cloud computing systems and legacy or non-cloud computing system
- 7.4 Security controls assessment
- 7.5 Required laws, regulations, and government requirements
- 7.6 Policies [Go to Page]
- 7.6.1 General
- 7.6.2 Geolocation data
- 7.7 Cloud service agreement (CSA)
- 7.8 Cloud capabilities types, cloud service categories and key characteristics
- 7.9 Cross-cutting aspects
- 7.10 Emerging technologies and cloud native
- 7.11 Define metrics and security parameters
- 7.12 Determining matrix
- 7.13 Assessment of cloud governance
- 7.14 Challenges of conducting an audit of cloud services [Go to Page]
- 7.14.1 General
- 7.14.2 Third party auditability
- 7.14.3 Change management
- 7.14.4 Patch management
- 7.14.5 Multi-tenant environment
- 7.14.6 Auditability and assurance
- 7.14.7 Availability requirement
- 8 Approaches to conducting audits [Go to Page]
- 8.1 Typical Scenarios
- 8.2 Cloud audit – opportunities and meeting objectives [Go to Page]
- 8.2.1 General
- 8.2.2 Stakeholders and related activities on cloud audit
- 8.3 Processes – identify, analyse, evaluate
- 8.4 Data flow – lifecycle - confidentiality, integrity, availability
- 8.5 Automation of cloud service audits and assessments
- Annex A (informative) Sample list of standards and frameworks applicable to audit of cloud services
- Annex B (informative) Compilation of frameworks, schemes, and auditing programs for certification, attestation and authorization which are relevant to cloud security
- Bibliography [Go to Page]
