Cloud Security Controls
Purpose
Bramble governs the use of SaaS cloud environments to holistically manage risks associated with third-party involvement and architectural decisions, and to ensure the portability of data so that cloud providers can be changed if needed.
Scope
This control applies to all third-party providers that interact with data within the Bramble production environment, and to any third-party providers that a Bramble production system relies upon.
Ownership
The owner of this control is Security Compliance.
Controls
Control Number | Control Title | Control Statement | Goal | TOD | TOE |
---|---|---|---|---|---|
CLD-01 | Cloud Services | Bramble Group Corp. has implemented mechanisms to facilitate the implementation of cloud management security controls to ensure cloud instances are secure and in line with industry best practices. | Does the organization facilitate the implementation of cloud management controls to ensure cloud instances are secure and in line with industry practices? | 1. Identify industry best practices utilized to implement cloud management security controls. 2. Identify policies and procedures responsible for the implementation, management, contractual terms and security of cloud instances. 3. Examine policies and procedures for: purpose; scope; roles and responsibilities; management commitment; coordination among organizational entities; compliance; and implementation requirements. | 1. Examine contractual terms, cloud instance security controls and cloud management documentation for evidence that cloud instance security is in line with identified industry best practices. |
- Test of Design (TOD): verifies that a control is designed appropriately and that it will prevent or detect a particular risk.
- Test of Operating Effectiveness (TOE): verifies that the control is in place and that it operates as it was designed.