requirements in the context of a standardised test procedure and are
validated by qualified auditors. The ISO 27001 standard (IT Security
Procedures ‐ Information Security Management Systems Requirements) is
the most famous test procedure in the field of IT security.
In terms of Cloud computing, security is only one aspect of the test
requirements. The specification of Service Level Agreements (SLA) and the
contractual wording of data protection requirements are also highly
relevant. As Cloud services are often provided by several stakeholders, it is
also essential to verify whether the requirements of the entire supply chain
are met.
If the provider of a SaaS solution has an ISO 27001 certification, this says
nothing about the security systems of its suppliers, such as a
platform or infrastructure service provider.
The EuroCloud organisation therefore began work back in 2010 on the
definition of a Cloud‐specific certification process. It was published in 2011
under the name of EuroCloud Star Audit. With a uniform test procedure for
all Cloud services and a graded evaluation process, it implements quality
requirements in a way that is understandable for customers, documents the
results and calls on auditors to validate them.
Further details can be found in section 4.2.