Partnering Trust: “Enabling trust in the digital online economy” (PowerPoint PPT presentation)

Michiel Steltman - Project lead, Partnering Trust; Director, DINL
Thomas Niessen - MD, Kompetenznetzwerk Trusted Cloud


SLIDE 1

P A R T N E R I N G T R U S T

“Enabling trust in the digital online economy”

SLIDE 2

P A R T N E R I N G T R U S T

Bianca Smit

  • Certified auditor (RA)
  • Examiner, Financial auditing, Amsterdam University
  • Lecturer Financial Accounting, Nyenrode Business University

Michiel Steltman

  • Project lead, Partnering Trust
  • Director, DINL
  • Member, NL forum standardization

Thomas Niessen

  • MD, Kompetenznetzwerk Trusted Cloud
  • Managed largest German innovation programs (Internet of Services/Cloud)
  • VP, software company specialized in information retrieval/Big Data

Jeroen van Schajik

  • IT audit partner, BDO Audit & Assurance
  • Responsible for the NL SOC (Service Organization Control) assurance practice
  • Board member, NOREA
  • Involved in development of Zeker Online

SLIDE 3

“Enabling trust in the digital online economy”

SLIDE 4

Partnering Trust: Ambitions

  • Generic processing agreements
  • Information Security Baselines
  • Reusable and standardized audit reports
  • DPA Endorsement
  • International level playing field

SLIDE 5

Certification and assurance: an example

Diagram elements: Invoice Management, IT Services Management, Datacenter, Users, Global hosting provider, Financial Administration

Stakeholders: such as (end)users, tax authorities, oversight boards, supervisory boards, accountants and shareholders

SLIDE 6

Certification versus assurance reports

Scale: TRUST ME - TELL ME - SHOW ME - PROVE ME (from “dependent on relation between service organisation and client” to “objective”)

  • Periodic meetings
  • SLA/DAP reporting
  • ISO certification
  • ISAE 3402 (SOC 1) Type 1
  • ISAE 3402 (SOC 1) Type 2
  • ISAE 3000 (SOC 2) Type 1
  • ISAE 3000 (SOC 2) Type 2

SLIDE 7

ISAE 3000: SOC 2 implementation

CONTROLS

  • Security: 28 criteria (= baseline)
  • Confidentiality: 6 additional criteria
  • Availability: 3 additional criteria
  • Processing integrity: 6 additional criteria
  • Privacy: 6 additional criteria (USA)

SLIDE 8

Frameworks with mapping to SOC 2

SLIDE 9

Cloud Computing

SLIDE 10

Quality Requirements & desired Chain

IaaS / PaaS / SaaS

Application Structure

  • Generic
  • Specific

End users

Technical Infrastructure

  • IT Organization
  • Security

Legal Requirements

SLIDE 11

Certification versus assurance reports

Scale: TRUST ME - TELL ME - SHOW ME - PROVE ME (from “dependent on relation between service organisation and client” to “objective”)

  • Periodic meetings
  • SLA/DAP reporting
  • ISO certification
  • ISAE 3402 (SOC 1) Type 1
  • ISAE 3402 (SOC 1) Type 2
  • ISAE 3000 (SOC 2) Type 1
  • ISAE 3000 (SOC 2) Type 2

SLIDE 12

Community

Bodies: Supervisory board, Stichting Zeker-Online, Participant Council, Workgroup Auditors, Standard Setting Cie

Roles:
  • Adoption of the framework
  • Grantor of the certification
  • Advise
SLIDE 13

Summary

  • Initiative of innovative players
  • Pro-active in the new data economy
  • Market demand for ‘trusted’ online services
  • Data protection, privacy
  • Cooperation between government and industry
  • Demand for independent ‘assurance’ provision
  • SaaS - PaaS - IaaS - …… chain security!
SLIDE 14

Trusted Cloud Label

  • Cloud provider applies
  • External auditor examines the application
  • Advisory Board makes decision on application
  • Label is awarded, service is listed

Stakeholders:

Patronage:

SLIDE 15

Criteria of Trusted Cloud Label

  • Security Aspects
  • Data Privacy / Protection
  • Quality
  • Continuity Management
  • Service Management
  • Flexibility
  • Transparency

SLIDE 16

Aims of co-operation

All labels ensure:

  • Increasing confidence in cloud computing (security aspect)
  • Helping to minimize the risk of exploitation
  • Building up transparency about cloud computing and cloud services
  • Professionalisation of cloud services (security, services etc.)

GDPR

  • Article 42/43 - Certification
  • …establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. The specific needs of micro, small and medium-sized enterprises shall be taken into account.

Harmonization of the existing labels

  • Common criteria
  • Criteria for special target groups
  • Processes to apply for a label
  • Identify best practices
SLIDE 17

Roadmap

Trusted Cloud, Zeker Online and Label Cloud signing MoU

Milestones: First exchange of information; Memorandum for cooperation; Comparison of the controls; Harmonizing controls/modularisation; Harmonizing processes; Further development of criteria; Adaption to GDPR; Need to be accredited at the national accreditation agencies; Extending international co-operation

Timeline: June 2016, December 2016, February 2017, May 2017, August 2017, December 2017, May 2018

SLIDE 18

“Enabling trust in the digital online economy”

Partnering Trust:

  • Mail Trusted Cloud: niessen@trusted-cloud.de
  • Mail BDO: Jeroen.van.Schajik@bdo.nl
  • Mail Zeker-OnLine: info@zeker-OnLine.nl
  • Mail ECP: info@Ecp.nl