Date:
20/03/1519/03/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev 10
EuroCloud Star Audit Certificate
No.
項次
I - Control Topic
控制主題
II - Control Scope
控制範疇
III - Control Question
控制題項
Star Rating
星級
Audit Goal
驗證目標
A02-S02-C01-Q01 Rules for Data Manage-
ment
資料管理之規定
Location of Data
資料存放地
Are the location, postal address and contact for the
physical data hosting of the customer data clearly
provided?
是否清楚提供存放客戶資料的實體資料保存設施之
地點的郵遞地址及聯絡人資訊?
***
Customer must be able to provide evidence of data location for person-
al and financial data (if required by local regulation)
若當地法規要求,客戶必須能提供個人及財務資料,及其存放地之
證據
A02-S02-C01-Q02
Is it possible to limit the physical server hosting of custom-
er data to a certain region, country, physical address or
judicial area if potential multiple sites are in place?
若有多
個潛在的地點,能否限制存放客戶資料的實體主機
所在區域、國家、實際地址或司法管轄區域?
****
By this it has to be granted, that no backups or recovery services are in-
clouded outside the specified region. This also implies to the service and
operations staff, which has to be located within the specified region.
必須在合約中同意,置於界定區域外的雲服務可能沒有備份或回復
服務。此亦隱含提醒服務及維運人員,資料應存放於界定區域內
A02-S02-C02-Q01
Data access by customer
客戶對於資料之存取
In the case of dissent about the service delivery is it
confirmed that the customer can access the data with-
out any constraints and that the service provider is still
bound to the data archiving requirements.
若對服務交付結果有異議,是否確認客戶可不受任
何限制而能存取其資料,服務商且有義務遵行資料
存檔管理之需求?
***
Gi ve the customer the right to access his data in the case of unclear pa
yment balances or other contractual obligations. The service itself can
be interrupted.
若有未結清付款狀況或其他合約義務上的異議,服務本身可被中
斷,但給予客戶權利,可持續存取其自己的資料
A02-S02-C02-Q02
In the case of abnormal contract termination, is it
confirmed that the contractor will not delete the data
and agrees to keep the customer specific archives?
若有不正常的合約終止狀況,是否確認合約服務商
不會刪除客戶資料,並同意持續保存客戶特定檔
案?
*****
A guarantee of potential data recovery
保證可以回復資料
A02-S02-C02-Q03
Is the protection of customer data and accessibility of
the data for the customer ensured in the case of bank-
ruptcy of the provider?
若遇到服務商破產時,合約是否有確保客戶資料受
到保護,並允許客戶自由存取其資料?
*****
Full procedure description and clear statement which entitles the
customer to the same level of access from any successor of the opera-
tional service
要有完整的作業程序,說明客戶被授予同樣權利,可在繼任的服務
商處,繼續存取其資料
A02-S03-C01-Q01
Contractual Data Privacy
Requirements
合約資料隱私保護要求
Technical and organizational
procedures
技術性及組織性之作業程序
Is the use and processing of personal data clearly
specified for the type of service?
針對特定服務類型,其使用及處理個人資料之方
式,是否清楚界定於合約中?
****
The role and functional description of the provider as data processor is
clearly described (if applicable).
在可適用的情況下,應詳細描述服務商作為資料處理人之角色和功
能
