Date:
20/03/1519/03/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev 10
EuroCloud Star Audit Certificate
No.
項次
I - Control Topic
控制主題
II - Control Scope
控制範疇
III - Control Question
控制題項
Star Rating
Audit Goal
驗證目標
取用服務是否在
VPN
虛擬專用網路或
VPC
虛擬專用
雲之安全機制下?
顯示連線用戶存取高度機敏資料(如病人醫療資料等)之隔離
程度
A03-S02-C01-Q04
Is a virus scanner used to protect against viruses, Trojans,
malware, etc.?
是否有使用病毒掃瞄工具來偵測防止病毒、特洛伊、惡
意程式等?
*****
Appropriate baseline security against cyber threats
防範網路威脅之適當資安底線
A03-S02-C02-Q01
Resilience
恢復彈性
Is load balancing carried out to increase reliability and
scalability?
有無進行負載平衡以增加可靠度及擴充性?
*****
Evidence of appropriate load balancing across redundant services
提供在備援服務過程中有適當負載平衡之證據
A03-S02-C03-Q01
Password Management
密碼管理
Is the password management system automated?
有自動化密碼管理系統嗎?
***
No user intervention is allowed to manage customer passwords
管理客戶密碼之過程不得有人為介入
A03-S02-C03-Q02
Are the passwords secured against unauthorized ac-
cess?
有防範非授權存取之密碼安全機制嗎?
***
Protection of passwords against decryption and unauthorized
access
保護密碼不被破解,且不遭非授權存取
A03-S03-C01-Q01 Technical Data Privacy
Measures
資料隱私管理之技術性措
施
Technical Data Privacy
Assessment
資料隱私管理之技術性評
估
Is the communication between the user and the service
fully encrypted?
使用者與服務間之溝通是否均全面加密?
***
Only allow https communication between end user and cloud service
最終使用者及雲服務間只允許經由
"
安全性超文件傳輸協定
"(https)
方式溝通
A03-S03-C01-Q02
Are the encryption technologies in use uncompromised
and at a sufficient encryption level?
使用中之加密技術是否是未被破解的,且已具足夠
加密等級
***
Encryption level is according to current market standard
加密等級係依據市場現有標準而定
A03-S03-C01-Q03
Are all data stored encrypted on data storage devices?
存放於資料儲存裝置之資料是否均已加密?
*****
Evidence of encryption mechanism for stored data
對於儲存資料進行加密之機制的證據
A03-S03-C01-Q04
Are backups sufficiently secured against unauthorized
access?
備份資料是否有足夠之安全措施,以防止非授權之
存取?
***
Archived data is included into all security processes
存檔資料應包含在所有資安流程中(作相關管制)
A03-S03-C01-Q05
Is there end-to-end encryption up to persistent storage ****
Key management is performed by the customer. The CSP should not
