German Federal Office for Information Security Issues Draft Framework Paper on Information Security for Cloud Computing
Time 1 Minute Read
Categories: European Union, Information Security, International

On September 28, 2010, the German Federal Office for Information Security, (the Bundesamt für Sicherheit in der Informationstechnik or “BSI”) released a draft framework paper on information security issues related to cloud computing.  The draft paper defines minimum security requirements for cloud solution service providers, and provides a basis for discussions between service providers and users.  The paper addresses the following issues:

  • The definition of cloud computing
  • Service provider security management requirements
  • ID and rights management
  • Monitoring and security incident response
  • Emergency management
  • Security checks and verification
  • Requirements for personnel
  • Transparency
  • Organizational requirements
  • User control
  • Portability of data and applications
  • Interoperability
  • Data protection and compliance
  • Cloud certification
  • Additional requirements for public cloud service providers that support cloud solutions for the Federal Administration

The BSI’s goal is to work with stakeholders to develop appropriate security requirements that should be considered with respect to the provision of cloud services.  Service providers and users have until January 3, 2011, to review the paper and provide comments.

Tags: Cloud Computing, Germany, Service Provider
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
UK ICO Sets Out Proposals to Promote Sustainable Economic Growth

On January 24, 2025, the UK Information Commissioner’s Office published a letter setting out proposals to boost business confidence, improve the investment climate, and foster sustainable economic growth in the UK.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
EDPB Launches Coordinated Enforcement Framework on Right of Access

On February 28, 2024, the European Data Protection Board (“EDPB”) announced the launch of its latest Coordinated Enforcement Framework action on the right of access. Through the course of 2024, 31 data protection authorities across the European Economic Area, including seven German state-level authorities, will take part in this initiative on the implementation of the right of access. The EDPB selected the right access for its third coordinated enforcement action as it is “at the heart of data protection,” is a right that is very frequently exercised by individuals, and one that is often the basis of complaints to authorities.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

On December 7, 2023, the Court of Justice of the European Union (“CJEU”) ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation (“GDPR”) unless certain conditions are met. In a case stemming from consumer complaints against German credit bureau SCHUFA, the CJEU found that the company’s reliance on fully automated processes to calculate creditworthiness and extend credit constitutes automated decision-making which produces a legal or similarly significant effect within the meaning of Article 22 of the GDPR.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
FTC to Send Nearly $100 Million in Refunds in Vonage Settlement

On October 30, 2023, the Federal Trade Commission announced that it is sending nearly $100 million in refunds to consumers who were harmed as a result of internet phone service provider Vonage’s alleged use of dark patterns and other obstacles that made it difficult for users to cancel their service.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page