Documentation of customer groups whose information is processed by the organization

Critical
High
Normal
Low

Organisation must define

  • stakeholders relevant to the information security management system
  • information security requirements set by these stakeholders

Customer groups or individual significant customers that are important to the organization's operations are usually one of the most important stakeholders, also from the point of view of information security. Other stakeholders are treated through other tasks.

Connected other frameworks and requirements:
CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
CLD 8.1.5: Removal of cloud service customer assets
ISO 27017
A.8.2.1: Customer agreement
ISO 27701
4.2: Interested parties
ISO 27001

Process for removal or return of customer assets after cloud service agreement cancellation

Critical
High
Normal
Low

Cloud service provider should be prepared for customers requesting a documented description for the process of return and removal of the customers assets in the event of service termination. This description should include:

  • Detailed procedure for asset return to customer
  • Deletion of all copies of customers data and assets
  • List of all customer assets
  • Schedule for termination of service process

Cloud service providers must also actively provide the information about the arrangements for removal and return of assets of the cloud service customer (e.g. in terms of service or other service agreement).

Connected other frameworks and requirements:
8: Asset management
ISO 27017
CLD 8.1: Responsibility for assets
ISO 27017
CLD 8.1.5: Removal of cloud service customer assets
ISO 27017
No items found.