The judgment of the European Court of Justice (ECJ) against the Transatlantic Privacy Shield triggered many discussions on data privacy and cloud computing. Data privacy specialists now recommend that precise checks are made as to whether personal data is still allowed to be processed in the public cloud by cloud providers outside of Europe. Often those responsible are not even aware when processes or technical solutions violate laws or internal compliance guidelines. Or do you know...
In order to bring your IT and applications in line with legal requirements (e.g. the GDPR) and compliance guidelines, you should clarify the following questions:
At T-Systems, we are aware of all of these challenges thanks to the experience we have gained during thousands of projects with large companies. Together with you, we create the technical framework needed to support your relevant compliance and legal requirements - also in the cloud. To achieve this, we operate some of the most secure data centers in the world. Such as the highly secure twin-core data center of T-Systems in Biere in Saxony-Anhalt – the "Fort Knox for data".
We ensure the IT security and integrity of your information, processes and systems around the clock. In doing so, we rely on our own standards. With our security standards such as ESARIS (Enterprise Security Architecture for Reliable ICT Services), we not only fulfill GDPR requirements, but also set the tone. Many other IT service providers now use our ESARIS approach to ensure secure and traceable service delivery themselves. The following additional principles and standards also apply to us:
Service Organization Controls (SOC) 1 reports check the effectiveness of control systems via a historic review period of at least six months and facilitate company financial reporting tasks, such as year-end audits. The SOC 2 report assesses a market service to guarantee the ‘Trust Service Principles.’
The criteria catalog C5 (Cloud Computing Compliance Criteria Catalog) specifies minimum requirements of secure cloud computing. C5 offers cloud customers an important guide for choosing a provider.
The International Standard on Assurance Engagements 3000 from the International Federation of Accountants (IFAC) regulates the procedure for business audits beyond the audit reviews of financial information such as year-end accounts.
The International Standard on Assurance Engagements 3402 (see also SOC 1) is an international audit standard which regulates the auditing of an internal control system at a service provider by an auditor. It is particularly relevant for auditing financially pertinent systems.
At Deutsche Telekom, the PSA procedure is a key component of guaranteeing security and data privacy. It ensures that all projects focused on the development and launch of new technologies and products meet the high demands of technical security and data privacy.
Zero Outage is a holistic quality assurance program from T-Systems. It has the clear aim of reducing outage times down to zero. To do this, measures are put in place on all levels: from state-of-the-art platforms and globally uniform processes with short fault clearance times to specially trained personnel and tried-and-tested risk management.