Privacy Level Agreement

  • 1.  Where can I find Annex 9 of Code of Conduct for GDPR?

    Posted Jun 28, 2021 08:45:00 AM
    Hello everyone,

    I'm the Data Security Team leader from the CSA Great China Region. Recently, I have been working on translating the CSA Code of Conduct for GDPR v4.0 into Chinese together with my team.
    "ANNEX 9: ENISA TECHNICAL GUIDELINES: SECURITY OBJECTIVES" is mentioned at the end of the "Table of Contents" list; unfortunately, that Annex was not attached to the CoC document.
    It's also difficult to find this content on the ENISA website.
    So where can I find that Annex 9 document?

    Looking forward to some feedback on this topic.

    Thanks,
    Gao Wei

    ------------------------------
    Wei GAO
    Technical Expert
    Consultant
    ------------------------------


  • 2.  RE: Where can I find Annex 9 of Code of Conduct for GDPR?

    Posted Jul 12, 2021 05:08:00 AM
    Dear Wei,

    The reference to Annex 9: ENISA Technical Guidelines: Security Objectives within the table of contents of the version of the CoC available on CSA's website is a leftover from earlier versions of the CoC. We would like to advise you to disregard this reference.

    Annex 9 reproduced the security objectives described within ENISA's Technical Guidelines for the Implementation of Minimum Security Measures for Digital Service Providers, for ease of reference. Since that version, CSA replaced the ENISA Technical Guidelines with the Cloud Controls Matrix as the minimum security baseline for the PLA CoC (see Control no. 6.3., in particular), Annex 9 was removed from the CoC (but apparently not from the table of contents). This has been fixed in later versions of the CoC.

    Best regards,

    Lefteris Skoutaris

    PLA WG PM



    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------



  • 3.  RE: Where can I find Annex 9 of Code of Conduct for GDPR?

    Posted Jul 12, 2021 05:20:00 AM
    Dear Lefteris,

    Thanks for your valuable explanation.
    Does PLA CoC replace CoC for GDPR 4.0?

    Thanks,
    Gao Wei



    ------------------------------
    Wei GAO
    Technical Expert
    Consultant
    ------------------------------