Join our Workshop on Multi-Party Recognition between Cloud Security Certifications in Amsterdam on 13 May 2019! 

Description

Third party audits and certifications are considered a suitable solution to providing assurance and trust regarding a cloud service provider’s approach to security and privacy. They are also a credible way to show compliance to standards and regulations. Unfortunately, though, the number of existing national, international and sectorial standards, laws and regulations has drastically increased in the last few years, leading to increased complexity of the area of compliance. Such a proliferation of requirements has had the direct consequence of an increased cost of compliance for Cloud Service Providers (CSPs), which in some cases is reflected in an increased service price for the cloud customer.

Within the context of the European Commission funded project EU-SEC, we have analysed the issue of this proliferation of cloud security standards and compliance schemes, and we have observed that many security requirements and control objectives in different standards are largely overlapping.

As a consequence, the process of adhering to different standards, laws and regulations for CSPs is not efficient, with a lot of duplicated work that unduly increases costs and complexity.

The EU-SEC project has worked on addressing these issues by, for instance, identifying the common denominators between widely known standards (e.g., ISO27001/02/17/18, SOC2, CSA STAR Certification and Attestation, BSI C5, ANSSI SecNumCloud and other national or sectorial schemes) and presenting them under a well-defined and comprehensive framework, namely the EU-SEC’s “Multi-Party Recognition Framework”.

The main idea behind the multiparty recognition framework is not to create yet another cloud certification or auditing architecture. Instead, it aims at providing a unified method of systematic activities, with the objective of minimising the burden for a CSP of obtaining certification "Y", once it has already obtained certification "X". More generally, the purpose of the framework is to streamline the compliance process within an organisation and reduce its burden.

In order to share the EU-SEC project vision and results, we are inviting cloud stakeholders, e.g. CSPs, cloud customers, auditors, consultants and policy makers to join our awareness workshop.

The workshop will give you an insight into the functionality of the framework, its tools and requirements comparison methodology, as well as the benefits offered to the cloud certification community and market.

Who should attend?

  • Cloud stakeholders will benefit by understanding the relationship between information security and privacy requirements contained in various compliance schemes such as BSI C5, CSA STAR, ISO or ISAE 3000.
  • CSPs will learn how to select and adjust their security and privacy objectives and controls in such a way that several compliance schemes are applied at the same time.
  • Certification bodies and audit firms will be offered the ability to present a more attractive compliance assessment portfolio through the multiparty recognition-based auditing services. During the workshop we’ll also present the results of four large scale pilots and the lessons learnt during a real-life implementation of the framework.

Attendee profile/learning level

Intermediate – Delegate has a working knowledge of the topic covered but is not yet an advanced practitioner. Intermediate sessions are geared toward delegates who have some competence in the subject under discussion resulting from prior training, education and/or work experience.

Learning objectives

Thanks to this workshop the attendees will acquire a theoretical understanding and practical implementation tips on:

  1. The purpose and objectives of the multiparty recognition framework (MPRF).
  2. MPRF’s life-cycle and its processes.
  3. The business drivers for and benefits of the adoption of the MPRF
  4. How to use the MPRF in real life (with dedicated tips for the different target audiences, i.e. CSPs, Customers, Auditors & Consultant and scheme owners & regulators)

Venue

EY Amsterdam

Antonio Vivaldistraat 150

1083 HP Amsterdam

The Netherlands


Related Links: