7                                                     Security


                  12.3  Backup

                  12.4  Logging and monitoring
                  12.5  Control of operational software
                  12.6  Technical vulnerability management
                  12.7  Information systems audit considerations
            13    Communications security

                  13.1  Network security management
                  13.2  Information transfer
            14    System acquisition, development and maintenance

                  14.1  Security requirements of information systems
                  14.2  Security in development and support processes
                  14.3  Test data
            15    Supplier relationships
                  15.1  Information security in supplier relationships

                  15.2  Supplier service delivery management
            16    Information security incident management
                  16.1  Management of information security incidents and improvements

            17    Information security aspects of business continuity management
                  17.1  Information security continuity
                  17.2  Redundancies
            18    Compliance

                  18.1  Compliance with legal and contractual requirements
                  18.2  Information security reviews
            Annex A – Cloud service extended control set

            Annex B – References on information security risk related to cloud computing
            Bibliography































            1044