Certification for the Cloud is finally here
Cloud Service Providers (CSPs) face unique information risks. End users are concerned
with the security of their information and whether they can trust CSPs. The Cloud
Security Alliance (CSA) has identified gaps within the IT ecosystem that are inhibiting
market adoption of secure and reliable cloud services. The market needs a transparent
feedback system that will help avoid costly mistakes in the adoption of cloud computing
while enabling CSPs to demonstrate not only that they can be trusted, but also that their
processes and scope are fit for purpose. Organizations need to feel confident that their cloud
computing services are safe, secure, and aligned with their organization's
The CSA, in cooperation with BSI, is enabling an understanding of the next level of
certification/assurance for the Cloud. Currently, there are self-certification options.
Now there will be two independent certification/assurance options: 1) ISO/IEC 27001 and
2) SOC 2. Hear the latest developments on these initiatives.
Details released will include specifics on the following:
Explaining the new international standards and attestation initiatives currently under
development which will take aim at cloud services, privacy, and vendor management.
Integrating the ISO/IEC 27001 certification with a proven benchmark process analysis
and evaluation system to provide a transparent and consistent continuous monitoring
The new Cloud Controls Matrix, which maps the trust principles used for Service
Organization Control Report 2 (SOC 2) reporting.
John DiMaria - John DiMaria is the ISO Product Manager for BSI Group
America Inc. He has 28 years of successful experience in Management System Development,
including Information Systems, and Quality Assurance. John is responsible for
overseeing product roll-out and client/sales education. He is a product spokesperson
for BSI Group America, Inc. regarding all product standards covering Risk, Quality,
Sustainability and Regulatory Compliance.
John has been featured in many publications concerning various topics regarding
information security, sustainability and business continuity such as Computer World,
Quality Magazine, Continuity Insights, ABA Banking Journal, CPM Magazine, and Disaster
Audrey Katcher - Audrey Katcher is a RubinBrown partner who currently
chairs the Service Organization Controls group within the American Institute of
Certified Public Accountants. She recently took a role as the chair of the Open
Certification Framework (OCF) STAR Assurance Working Group for CSA.
With over 20 years of experience in assessing internal control from security to SOX,
Audrey brings a breadth of experience to the discussion of the unprecedented change in
the controls space for the Cloud occurring now.