The Official (ISC)2 CCSP CBK Reference - Leslie Fife, Aaron Kraus - Page 61
Auditability
A cloud solution needs to be auditable. An audit is an independent examination of the cloud service's controls, with the expression of an opinion on their function with respect to their purpose. Are the controls properly implemented? Are the controls functioning and achieving their goal? These are the questions of an auditor.
A CSP will rarely allow a customer to perform an audit on their controls. Instead, independent third parties will perform assessments that are provided to the customer. Some assessments require a nondisclosure agreement (NDA), and others are publicly available. These include SOC reports, vulnerability scans, and penetration tests.