Internal Guide Simplifies International Security Compliance for Cloud Software, Saving Significant Resources.
In a bid to streamline security compliance efforts for cloud-based software providers, Cisco has unveiled the "Cisco Cloud Controls Framework" (CCF), an internal guide aimed at assisting teams in meeting international security compliance and certification requirements for cloud products and services.
The CCF, described by Cisco as a simplified compliance and risk management strategy, is intended to help teams ensure that their cloud offerings adhere to robust security and privacy standards, ultimately leading to significant resource savings. Cisco acknowledges the challenges faced by cloud-based software providers in meeting the stringent requirements for security standards and certifications, deeming it "extremely challenging and resource- and time-intensive."
The framework serves as the foundational methodology for Cisco to expedite certification achievements across its cloud offerings, establishing a strong security baseline. Developed over years of standards research, the CCF certifies Software as a Service (SaaS) products for multiple standards, focusing on repeatable practices and operational efficiencies.
The guide provides comprehensive guidance on implementing controls and the necessary audit artifacts to demonstrate control effectiveness. Cisco commits to regularly updating the CCF to align with evolving regulations and incorporate new information into its compliance processes.
Companies can leverage the Cisco Cloud Controls Framework to define, implement, and demonstrate controls that form the foundation of security and privacy certifications across SaaS portfolios. The certifications covered include 27001: 2013, ISO 27701, ISO 27017, and ISO 22301.
Prasant Vadlamudi, Senior Director for Global Cloud Compliance at Cisco, emphasised the significance of the CCF in the company's security compliance strategy. Vadlamudi stated, "By sharing our CCF with customers and peers, we also continue to support our commitment to transparency and accountability that are foundational to Cisco’s DNA." The move aligns with Cisco's broader commitment to transparency, accountability, and advancing industry standards in the realm of cloud security compliance.
A message from our sponsors, The Ideas Distillery:
If you would like to look at how to implement an ISO 27001 information security management system, then simply contact us.
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
Comments