Page 3 - Contract & Compliance

Date: 23/01/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev10
EuroCloud Star Audit Certificate
| No. | I - Control Topic | II - Control Scope | III - Control Question | Star Rating | Audit Goal |
|---|---|---|---|---|---|
| A02-S02-C02-Q03 | | | Is the protection of customer data and accessibility of the data for the customer ensured in the case of bankruptcy of the provider? | ***** | Full procedure description and clear statement which entitles the customer to the same level of access from any successor of the operational service. |
| A02-S03-C01-Q01 | Contractual Data Privacy requirements | Technical and organizational procedures | Is the use and processing of personal data clearly specified for the type of service? | **** | The role and functional description of the provider as data processor is clearly described (if applicable). |
| A02-S03-C01-Q02 | | | Is it clearly negotiated that any change of the service which might affect the nature of personal data processing has to be agreed and confirmed by the customer (data controller)? | **** | Please refer to ECSA-DataPrivacyAuditGuide. |
| A02-S03-C01-Q03 | | | Are procedures defined for the correction, deletion, and locking of personal data on request from the affected individual? If so, which are defined? | ***** | Please refer to ECSA-DataPrivacyAuditGuide. |
| A02-S03-C01-Q04 | | | Is the duration of data processing and deletion of data clearly defined? | **** | Data controller is obliged to keep track of existence of personal data by data processors. |
| A02-S03-C02-Q01 | | Compliance with national data privacy requirements | Is the customer entitled to request a signed written contract from the contractor? | **** | Some countries require a written contract as long as Data Privacy rules apply (only for specific countries). |
| A02-S03-C02-Q02 | | | Are there detailed procedures described according to which technical and organizational actions are implemented in order to fulfil the national obligations of a data controller? | **** | Please refer to ECSA-DataPrivacyAuditGuide. |
| A02-S04-C01-Q01 | Service Level Agreements | General requirements | Is the Service Level Agreement part of the overall contract and does it describe in a sufficient way the guarantee of service quality? | *** | Provide appropriate Service Level objectives which can be monitored by the Customer. |
| A02-S04-C02-Q01 | | Verifiability | Is the fulfilment of the SLA verifiable by the customer? | **** | At least quarterly reports or direct dashboard with specified KPIs. |
| A02-S04-C03-Q01 | | Service disruption | Does the SLA include penalty agreements in the case of insufficient service quality? | ***** | The situation of being off SLA target might lead to serious implications for the customer and has to be clarified on a contract level. |
| A02-S05-C01-Q01 | Terms in case of bankruptcy | Terms in case of bankruptcy | Is the Cloud Service secured by an Escrow Agreement for continuation by other parties? | ***** | A formal escrow holder is specified, who is responsible to support the customer for data archiving and transfer. |
| A02-S05-C01-Q02 | | | Is there a non-constraining right provided for the customer against the DC in the case of bankruptcy of the DC provider who is hosting the physical data? | **** | The contract or a special legal entitlement is in place to request access to customer data at the physical location of data storage. |