Date: 20/03/15, 19/03/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev 10
EuroCloud Star Audit Certificate
Columns: No.; I - Control Topic; II - Control Scope; III - Control Question; Star Rating; Audit Goal
A02-S03-C01-Q02
Control Question: Is it clearly negotiated that any change of the service which might affect the nature of personal data processing has to be agreed and confirmed by the customer (data controller)?
Star Rating: ****
Audit Goal: Please refer to ECSA-DataPrivacyAuditGuide (the ECSA Data Privacy Audit Guide); this also includes the related audit guides for information security and data center operations.
A02-S03-C01-Q03
Control Question: Are procedures defined for the correction, deletion, and locking of personal data on request from the affected individual? If so, which are defined?
Star Rating: *****
Audit Goal: Please refer to ECSA-DataPrivacyAuditGuide (the ECSA Data Privacy Audit Guide); this also includes the related audit guides for information security and data center operations.
A02-S03-C01-Q04
Control Question: Is the duration of data processing and deletion of data clearly defined?
Star Rating: ****
Audit Goal: The data controller is obliged to keep track of the existence of personal data at data processors, including how they handle and store it.
A02-S03-C02-Q01
Control Scope: Compliance with national data privacy requirements
Control Question: Is the customer entitled to request a signed written contract from the contractor?
Star Rating: ****
Audit Goal: Some countries require a written contract as long as data privacy rules apply (only for specific countries).
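A02-S03-C02-Q02
Control Question: Are there detailed procedures described according to which technical and organizational actions are implemented in order to fulfil the national obligations of a data controller?
Control Question (as worded in the Chinese text): If required by local laws or regulations, is it possible to prevent physical data from being deleted?
Star Rating: ****
Audit Goal: Please refer to ECSA-DataPrivacyAuditGuide (the ECSA Data Privacy Audit Guide).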
A02-S04-C01-Q01
Control Topic: Service Level Agreements
Control Scope: General requirements
Control Question: Is the Service Level Agreement part of the overall contract, and does it describe the guaranteed service quality sufficiently? (A detailed description cannot itself guarantee that the service level is met, but it can clarify what is guaranteed.)
Star Rating: ***
Audit Goal: Provide appropriate Service Level objectives which can be monitored by the Customer.