Privacy Level Agreement

PLA WG Meeting Minutes, June 4th.


    Posted Jun 13, 2024 04:42:00 AM

    Dear members,

    Below you can find the meeting minutes from the PLA working group call of June 4th.

    You can listen to the recording here: 

    Passcode: Tb6#Vcu6

    Minutes:

    Ongoing project: The group discussed the comparison and alignment of the EU Cloud code of conduct and the CSA code of conduct for GDPR compliance, with a focus on identifying any gaps and necessary adjustments. They also explored the transition from the current CSA CoC to the EU Code of Conduct for cloud service providers.

    CSA CoC, and Sub-Processor Engagement
    The group discussed the Cloud Service Agreement and the Code of Conduct (CoC) in relation to the engagement of sub-processors. Jacopo identified a potential gap in the CoC and suggested the introduction of a new control to address this. Marina agreed to review this suggestion. They also discussed the need for more detailed controls around the definition of processing activities.

    Task Assignment and AI Discussion
    The group discussed the assignment of tasks.
    Louis committed to completing five additional tasks, on top of the 26 to 35 already assigned.

    Marina will review the identified gaps in the CSA and WP 3.0 controls and provide feedback to Jacopo Dirutigliano.

    Previous action items:

    Update on new working group initiative on 'Mapping of the CSA Code of Conduct to the EU Cloud Code of Conduct' online document. The group members are called to work on the mapping in the 3rd Tab called 'PLA CoP v EUCloud COC'. (The first 2 tabs are for consulting). Row 8 can be used as an example.

    • Isabella to review the CSA code of conduct to identify any potential gaps with the 5.1.D row 7, of EU cloud code of conduct. - PENDING
    • Louis will review controls 15 to 19 and provide feedback on any gaps or suggestions for improvement. - DONE
    • Marina to fill rows 10, 11, 12, 13, 14 - DONE
    • Kathie to fill rows 21 to 25. - PENDING.

    New action items:

    Description of task: 'Mapping of the CSA Code of Conduct to the EU Cloud Code of Conduct' online document:
    The group members are called to work on the mapping in the 3rd Tab called 'PLA CoP v EUCloud COC'
    Column C contains the provision/control from the EU Code of Conduct while Column F will need to be filled with the corresponding provision from the CSA Code of Conduct.
    Column H needs to be filled with the values of No Gap, Partial Gap or Full Gap, depending on the overlap the 2 Codes of Conduct may or may not have. In the case of no gap, no amendment will be necessary from the CSP to the already implemented provision. In the case of 'partial or full gap', the CSP will need to amend the already implemented CSA CoC provision to match the EU CoC benchmark.

    • Isabella ( @Isabella Oldani) to review the CSA code of conduct to identify any potential gaps with the 5.1.D row 7, of EU cloud code of conduct.
    • Louis ( @Louis Pinault) to map rows 26-35
    • Marina to review the identified gaps in the CSA and WP 3.0 controls and provide feedback to Jacopo Dirutigliano.
    • Marina to map rows 36-45.

    The EU Cloud Code of Conduct can be downloaded/consulted here.
    The CSA Code of Conduct is in tab 'PLA Code of Practice (CoP) v4.1' here.

    Next working group call:

    Date: June 18

    Time: 08:00 a.m. PT / 11:00 a.m. ET / 15:00 GMT

    URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09  (Meeting ID: 829 8738 2695, Passcode: 794440)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------