Dear members,
Below you can find the meeting minutes from the PLA working group call of September 24th.
You can access the recording here: https://cloudsecurityalliance.zoom.us/rec/share/vvjKtQE-K_ftmw17htMIVij3q1oZ_DZlDVAbh1iv_SlRMuFMBnXhmmsaU1y0_Tm9.zk0wZcxMP4ExwU4A. (Passcode: 2l?g*W!A)
Minutes:
Document Editing and Version Control Discussion
Marina suggested the need for a column detailing how to fulfill gaps identified between the CSA Code of Conduct and the EU Cloud Code of Conduct, which Jacopo agreed to. So the next step is filling in the recommendations column before publication for peer review.
Task Assignment and Progress Review
The group discussed the assignment of tasks and the next steps for their project. They also discussed the categorization of gaps and the need for specific standard security measures. The team decided to divide the tasks among themselves and to draft recommendations for changes to implement, aimed at the organizations that need to transition from the CSA CoC to the EU Cloud CoC.
Previous action item about controls (rows 69 and 70):
Regarding control [6.1.A] in row 69 and control [6.1.B] in row 70, Jacopo and Louis discussed the EU Cloud Code of Conduct, focusing on the requirement that security measures should align with the sensitivity of customer personal data. They agreed it was a partial gap as the Code of Conduct does not explicitly state this, but implies it through sections on security measures (1.1 to 1.3) and risk assessment criteria. A key point was the need for a mechanism, like a data classification matrix, to determine the sensitivity level of different data types. The team decided to keep it as a full gap for now and include a remediation recommendation detailing how to classify data sensitivity levels in the next meeting.
Previous Action Items:
- Finalise rows 69 and 70 of the mapping between CSA CoC and EU Cloud CoC. In column K of the respective rows, there is a comment by the chairs that has not been addressed and discussed yet, regarding the partial or full gap of these rows. - DONE
- Additionally, column L with 'Remediations' is empty and needs filling before public peer review. - In Progress
Next Action Items:
- Complete column L with Remediation (only for Full and Partial Gaps) for the transition from CSA CoC to the EU Cloud CoC:
  - The Remediation will be a recommendation for what to change in the CSA Code of Conduct in order to have the control of the EU Cloud CoC considered implemented.
Next working group call:
Date: Tuesday, October 8th
Time: 08:00 a.m. P.T. / 11:00 a.m. E.T. / 15:00 GMT
URL: https://cloudsecurityalliance.zoom.us/j/82987382695?pwd=amZ6cEljSCtXVU01OUVRbUUyTTNRdz09 (Meeting ID: 829 8738 2695, Passcode: 794440)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------