Concerns about security, privacy and regulatory requirements hinder cloud adoption, especially for customers working with highly sensitive data. Third-party certification and attestation play a key part in a cloud assurance program, but they don’t go far enough. Traditional point-in-time auditing doesn’t completely allay these fears, due, among other things, to the lapse of time between audits and the lack of automation.
The EU-SEC project’s solution is to adopt Continuous Auditing based Certification for cloud services. This process will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications. Adopting cloud computing means trusting another party with the security and privacy of your data.
The EU-SEC project aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security certification schemes. The EU-SEC project aims to contribute to the trustworthiness, security and compliance of cloud infrastructures.
More Information
- White paper
- Continuous Location Validation of Cloud Service Components
- Process Model to Support Continuous Certification of Cloud Services
- Continuous Security Certification of SaaS Applications
- Evaluating the Performance of Continuous Test-based Cloud Service Certification
- EU-SEC D2.2 – Continuous Auditing Certification Scheme
- EU-SEC D5.1 – Pilot Definition
What is Continuous Auditing based Certification?
By using technology to monitor and flag noncompliant activity on an ongoing basis, continuous auditing delivers an enhancement to traditional certification.
The idea is to conduct an ongoing audit process in order to overcome the limitations of any ‘point in time’ assessment and, consequently, provide a more precise insight into the security and privacy posture of an organisation.

Why is it necessary?
- Point-in-time approaches to security certification do not provide the high assurance and transparency required by cloud stakeholders with high risk profiles
- Currently, security audits are usually performed at intervals of 6 or 12 months, leaving a window of risk where no audit is performed
- Cloud service customers do not have an up-to-date status on the fulfilment of the requirements established by the certification goals