This repository has been archived by the owner on Feb 5, 2025. It is now read-only.

How to define the lowest common legal/ regulatory ground for our int. Group? #6

Open
Co-Schwertner opened this issue May 28, 2019 · 0 comments

Comments

@Co-Schwertner

One of the major problems we are going to face will probably be our diverse legal/regulatory grounds.

A common ground that is
(a) sufficiently detailed/comprehensive on the one hand, but
(b) agnostic to local or specific legal/regulatory provisions on the other hand,
will be crucial to make any progress on common solutions, IMO.

Therefore I would like to ask if some member already knows/uses the Cloud Security Alliance Cloud Controls Matrix (CCM) 3.0.1 (latest release date: 11/12/2018) (see: https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_overview).

The best thing about this matrix is that a 300 x 300 standardised Q&A catalogue is, via a matrix overview, linked to all relevant international and common security standards (e.g. NIST, NZISM, ISO, or, from a German perspective, even the requirements of the Federal Office for Information Security, etc.). Relying on this matrix, you can solve/answer a requirement once, but link the solution to all kinds of standards' requirements you might be faced with from different auditors.

I would be interested to hear if you agree with me that this Matrix could perhaps help us to define our common legal/regulatory ground as an international Financial User Group, or if someone knows/uses other tools/sources to solve the (a) + (b) contradiction mentioned above.
