Article 6
|
(Cloud supply chain management)
- A cloud service user that transmits and stores client data at a cloud service provider shall take effective protection measures by encrypting or codifying client data, andshall establish an adequate and suitable encryption key management system.
- A cloud service provider shallmaintain its service quality based on the service quality agreement entered with the cloud service user, and shall periodically provide the reports and operating records showing the service quality indexes under the agreement (e.g. system revision history, records of accessing the operating system images, etc.).
- A cloud service provider is responsible to monitor risks and errors of other partners in the cloud service supply chain that may potentially affect service quality.
- A cloud service provider shall promptly notify the affected cloud service users and its partners in the supply chain in the event of an information and communication security incident to the operation of the cloud services, and regularly update the information on the status of the incident.
|