Chapter 8. Audit and Compliance
Audit and compliance refers to the internal and external processes that an organization implements to:
Identify the requirements with which it must abide—whether those requirements are driven by business objectives, laws and regulations, customer contracts, internal corporate policies and standards, or other factors
Put into practice policies, procedures, processes, and systems to satisfy such requirements
Monitor or check whether such policies, procedures, and processes are consistently followed
Audit and compliance functions have always played an important role in traditional outsourcing relationships. However, these functions take on increased importance in the cloud given the dynamic nature of software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS) environments. Cloud service providers (CSPs) are challenged to establish, monitor, and demonstrate ongoing compliance with a set of controls that meets their customers’ business and regulatory requirements. Maintaining separate compliance efforts for different regulations or standards is not sustainable. A practical approach to audit and compliance in the cloud includes a coordinated combination of internal policy compliance, regulatory compliance, and external auditing.
Internal Policy Compliance
CSPs, like other enterprises, need to establish processes, policies, and procedures for managing their IT systems that are appropriate for the nature of the service offering, ...
Get Cloud Security and Privacy now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.