The articles above include a discussion on how organizations that must maintain compliance with industry/regulatory requirements (PCI DSS, HIPAA, Sarbanes-Oxley, etc.) can currently include outsourced systems that affect that requirement. For your main (original) posting for the week, answer one of the following:
- Summarize the Payment Card Industry Data Security Standard (PCI DSS). Explain how CSPs can ensure compliance. Include ramifications for non-compliance.
- Explain the ISO 2700X series of standards. How can CSPs and customers leverage them to ensure best practices are being followed?
- Will CSPs have to prove compliance capability before a company will adopt their cloud services? Why or why not?
- There are many laws, rules, standards, and regulations set by different agencies. Should there be one organization that sets industry standards and enforces compliance? Explain how that could work.
- CSPs may have locations in multiple countries. How can American laws and regulations be enforced in foreign nations where a CSP may be located?
- Explain methods for assessing a CSP's compliance with standards. What should be assessed? How?
- How do auditors ensure a CSP stays compliant with regulations, laws, and standards? How often should a CSP be reassessed? Explain the validation procedure for ongoing compliance.
- How does a cloud vendor prove compliance with relevant regulatory requirements? What steps must they take to validate their services?
- How will industry/regulatory requirements change as cloud services mature?
Include the question you are answering in your post. Avoid answering the same question as a previous student. Try to cover a new question or one that hasn’t been discussed fully yet.
Provide specific examples to make your point.