Seite 169 - Cloud Migration Version 2012 english

169 
The provider offers comprehensive documentation and training 
material as an introduction to using the service. A hotline is available 
during the user's normal working hours. Problems can be reported 
by means of an electronic ticket system. The provider has established 
processes with guaranteed processing workflows and the internal 
applications necessary to support them, also with any upstream 
suppliers. 
Assurances in terms of service management and technical provision 
are verified on site by trained auditors. 
Four‐Star Certification 
In addition to the requirements stated previously, the following mandatory 
criteria are fulfilled: 
Technical provisions are in line with the requirements for a 
professional datacentre provider. Communication uses an Internet 
Exchange node (IX) with direct and redundant links.  
The service processes comply with the requirements of ITIL and ISO 
27001 
in the sense of an ISMS (Information Security Management 
System). 
The security functions and the use of encryption technology are 
documented and verifiable and in line with normal IT security 
requirements. Protective measures against external attacks are 
implemented, and at the time of the audit are in accordance with the 
requirements of the ISO 27001 standards.  
Direct access by administrators is restricted, and transaction data is 
anonymised against user profiles in individual cases of access. Record 
of this is kept in appropriate process documentation, which is 
available to the customer on request. 
Except where long‐term archiving of customer data according to the 
principles of data access and verifiability of digital documents 
(
GdPDU) is implemented by other means, the provider fulfils the 
archiving and provisioning requirements for customer data to the 
extent of legal requirements. 
Five‐Star Certification 
In addition to the requirements stated previously, the following mandatory 
criteria are fulfilled: