EU-SEC’s Multi-Party Recognition Framework brings clarity to the compliance landscape, streamlines process and reduces cost
About the Event
Third party audits and certifications are considered a suitable solution to providing assurance and trust regarding a cloud service provider’s approach to security and privacy. They are also a credible way to show compliance to standards and regulations. Unfortunately, though, the number of existing national, international and sectorial standards, laws and regulations has drastically increased in the last few years, leading to increased complexity of the area of compliance. As a consequence, the process of adhering to different standards, laws and regulations for CSPs is not efficient, with a lot of duplicated work that unduly increases costs and complexity.
The EU-SEC project has worked on addressing these issues by, for instance, identifying the common denominators between widely known standards (e.g., ISO27001/02/17/18, SOC2, CSA STAR Certification and Attestation, BSI C5, ANSSI SecNumCloud and other national or sectorial schemes) and presenting them under a well-defined and comprehensive framework, namely the EU-SEC’s “Multi-Party Recognition Framework”. In order to share the EU-SEC project vision and results, we are inviting cloud stakeholders, e.g. CSPs, cloud customers, auditors, consultants and policy makers to join our workshop and tutorial.
The workshop will give you an insight into the functionality of the framework, its tools and requirements comparison methodology, as well as the benefits offered to the cloud certification community and market.
Who should attend and why?
- Cloud stakeholders will benefit by understanding the relationship between information security and privacy requirements contained in various compliance schemes such as BSI C5, CSA STAR, ISO or ISAE 3000.
- CSPs will learn how to select and adjust their security and privacy objectives and controls in such a way that several compliance schemes are applied at the same time.
- Certification bodies and audit firms will be offered the ability to present a more attractive compliance assessment portfolio through the multiparty recognition-based auditing services.
- Regulators and policy maker will benefit by recognizing synergies from the EU-SEC approach in establishing European and national regulations
During the workshop we’ll also present the results of four large scale pilots and the lessons learnt during a real-life implementation of the framework.
The workshop will be led by experts from the EU-SEC consortium, including NIXU, Fabasoft, Fraunhofer, and CSA.
9:00 – 9:30: Registration and welcome coffee
9:30 – 10:00: Presentation and EU-SEC Project introduction
10:00 – 10:40: Introduction to the MPRF
10:40 – 11:10: Coffee Break
11:10 – 11:30: The EU-SEC MPRF pilots
11:30 – 12:00: Round Table discussion (Questions and Answers)
12:00 – 13:00: Lunch Break
13:00 – 13:30: MPRF for Auditors (NIXU)
13:30 – 14:00: MPRF for CSPs (FABASOFT, SixSq)
14:00 – 14:30: MPRF for scheme owner, regulators and policy makers (CSA)
14:30 – 15:30: Networking coffee
Attendee profile/learning level
Intermediate – Delegate has a working knowledge of the topic covered but is not yet an advanced practitioner. Intermediate sessions are geared toward delegates who have some competence in the subject under discussion resulting from prior training, education and/or work experience.
Thanks to this workshop the attendees will acquire a theoretical understanding and practical implementation tips on:
- The purpose and objectives of the multiparty recognition framework (MPRF).
- MPRF’s life-cycle and its processes.
- The business drivers for and benefits of the adoption of the MPRF
- How to use the MPRF in real life (with dedicated tips for the different target audiences, i.e. CSPs, Customers, Auditors & Consultant and scheme owners & regulators)
10589 Berlin, Germany
As part of the registration for the “Workshop & Tutorial on Multi-Party Recognition” we provide the following compulsory information, we collect the following required data:
- Last name, first name
- Email address
- Company (additional information)
Should we request additional required data, we will specifically identify them (using an * for example). In addition, our website users often have the opportunity to volunteer additional information.
We process the required data mostly to identify you as event participant and to reserve a place for you. In addition, we agree with you on the type of event, provide you with information for and after the event and overall ensure that you enjoy your participation and the event proceeds smoothly. The volunteered data help us to plan and organise our events in tune with your interests and age.
We collect the data in response to the enquiries of interested parties. According to Article 6 para. 1, page 1, lit. b GDPR, the data collection is necessary for the mentioned purposes, to perform according to the participation contract and to meet the conditions precedent to entering into the participation contract.
We store data, which we collect in context with registrations to events, for six (6) months providing you did not agree to a longer storage period as outlined in Article 6 para. 1, page 1, lit. a GDPR.
In the context with project registrations via Internet form, we work with our service provider Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Deutschland (“Mailingwork”). The purpose of this collaboration is the professional management of online registrations to our projects. In the process, our service provider Mailingwork GmbH stores the provided data in Germany.
We entered into an order processing contract with Mailingwork GmbH. The purpose of the cooperation is the provision of project registration services. In this contract, Mailingwork GmbH agrees to process the data on our behalf in compliance with the General Data Protection Regulation (GDPR) and guarantees to comply with the rights of the affected persons. The general data protection regulations for the websites of the Mailingwork GmbH are available at: https://mailingwork.de/datenschutz/.