If I find something interesting on the web that I want to refer to again, or if I write something up that might become a proper blog post someday, I often save it as a text file into one of a logical series of directories on my machine.

These files on my local machine are occasionally synchronized with this site. I try to give credit where credit is due whenever the text is not my own.

This site is RSS enabled.


       

in8snotes

Compliance and the Cloud

PCI Compliance and the cloud
http://www.zdnet.com/article/finding-pci-compliant-cloud-providers/

Technically, you cannot obtain PCI compliance if you store financial information in cloud storage, because you typically cannot inspect the infrastructure or make changes to it. The audit trail does not go all the way to the hypervisor, since that could compromise other customers' data, and traceability and control of the data is a requirement. None of the cloud providers explicitly claims to be PCI compliant, and some cannot be by design. Microsoft does come close.

HIPAA Compliance and the Cloud
https://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html

HHS offers some guidance here, though guidance is code for: follow these suggestions or you may lose your lawsuit. "Lacking an encryption key does not exempt a CSP from business associate status and obligations under the HIPAA Rules. As a result, the covered entity (or business associate) and the CSP must enter into a HIPAA-compliant business associate agreement (BAA), and the CSP is both contractually liable for meeting the terms of the BAA and directly liable for compliance with the applicable requirements of the HIPAA Rules."

Last saved: 03/21/2017
/computers / cloud_compliance.txt



   
Copyright © 2017 iN8sWoRLd