ISO/IEC TR 3445:2022 信息技术 云计算 云服务审计

标准编号：ISO/IEC TR 3445:2022

中文名称：信息技术 云计算 云服务审计

英文名称：Information technology — Cloud computing — Audit of cloud services

发布日期：2022-03

标准范围

ISO/IEC TR 3445:2022本文件调查了云服务审计的各个方面，包括:1)进行审计的各方的角色和职责以及CSC、CSP和CSN之间互动的描述；2)对云服务进行审计的方法，以促进对交付和使用云服务的信心；3)可用于审计方案、认证和授权的可用框架和标准的示例。本文档建立在ISO/IEC 17789和ISO/IEC 22123中定义的云审计员角色之上。本文档适用于需要计划和执行内部或外部审计，以及使用、提供和支持云服务的所有类型和规模的组织。本文件无意描述认证或确定其他地方发布的控制措施。

ISO/IEC TR 3445:2022 This document surveys aspects of the audit of cloud services including:
1) role and responsibilities of parties conducting audit and description of the interactions between the CSC, CSP, and CSN;
2) approaches for conducting audits of cloud services to facilitate confidence in delivering and using cloud services;
3) examples of available frameworks and standards which can be used for audit schemes, for certification, and for authorization.
This document builds upon the cloud auditor role as defined in ISO/IEC 17789 and ISO/IEC 22123.
This document is applicable to all types and sizes of organizations that need to plan and conduct internal or external audits, and that use, provide and support cloud services.
This document is not intended to describe certification or to identify controls that are published elsewhere.

标准预览图