Continuous auditing certification white paper
The EU-SEC project is developing a process that will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications. The method developed for this is called continuous auditing based certification. By using technology to monitor and flag non-compliant activity on an ongoing basis, continuous auditing enhances traditional certification and increases the assessment frequency through a continuous workflow. State-of-the-art security monitoring systems supervise the security status of the IT environment by collecting data from the CSP’s information system. The collected data is then assessed and used as the basis for continuous auditing.
Multi-Party Recognition Framework white paper
Cloud computing has emerged as the de facto standard when it comes to outsourcing IT infrastructure. Although it comes with many benefits like flexibility, cost-efficiency, and maintenance reduction, adopting cloud computing also means handing over control and governance of data to the Cloud Service Provider (CSP). That is a great concern for many customers. CSPs have addressed this issue to some extent by improving their security and privacy posture as well as their transparency, but there remains a need to establish a deeper level of trust between the CSP and the cloud customer.