Optimising the Compliance Process
The EU-SEC project has analysed the proliferation of cloud security standards and compliance schemes, and has observed that many security requirements and control objectives in different standards largely overlap.
As a consequence, the process by which cloud service providers (CSPs) adhere to different standards, laws and regulations is inefficient, with a lot of duplicated work that unduly increases costs and complexity.
The EU-SEC project has worked on addressing these issues by, for instance, identifying the common denominators between widely known standards and presenting them under a well-defined and comprehensive framework, namely the EU-SEC’s “Multi-Party Recognition Framework” (MPRF).
The Framework has been validated by 4 consortium members in a 12-month pilot scheme, the results of which have been used to improve the Framework.
Related documents
- Whitepaper Continuous Auditing based Certification
- D1.4 Principles, Criteria and Requirements for a Multi-Party Recognition and Continuous Auditing Based Certifications
- EU-SEC-D2.1-Multiparty-Recognition-Framework-V1.1.pdf
- EU-SEC-D4.5---Analysis-multiparty-recognition-scheme-and-pilot-results-v1.0.pdf