标准摘要
[中文适用范围]: 审计的范围和边界,审计范围一般包括对物理和虚拟位置、功能、组织单位、活动和流程的描述,以及涵盖的时间段。审计范围是组织为特定时间范围制定的审计计划中的关键信息。每次审计的审计范围可以与组织的整体审计计划和目标保持一致。 [外文原描述]: This document surveys aspects of the audit of cloud services including: 1) role and responsibilities of parties conducting audit and description of the interactions between the CSC, CSP, and CSN; 2) approaches for conducting audits of cloud services to facilitate confidence in delivering and using cloud services; 3) examples of available frameworks and standards which can be used for audit schemes, for certification, and for authorization. This document builds upon the cloud auditor role as defined in ISO/IEC 17789 and ISO/IEC 22123. This document is applicable to all types and sizes of organizations that need to plan and conduct internal or external audits, and that use, provide and support cloud services. This document is not intended to describe certification or to identify controls that are published elsewhere.
英文名称Information technology - Cloud computing - Audit of cloud services