WEBVTT

00:00:00.540 --> 00:00:05.500
If you happen to exist in Europe and come under some stringent mandates,

00:00:05.500 --> 00:00:10.580
like GDPR, it could be helpful to evaluate your cloud service provider by

00:00:10.580 --> 00:00:16.390
means of EuroCloud. EuroCloud has a StarAudit program that is an

00:00:16.400 --> 00:00:20.860
independent nonprofit organization with an international network of

00:00:20.860 --> 00:00:23.120
accredited partners and professionals.

00:00:23.130 --> 00:00:27.510
It's designed to facilitate the growth of cloud‑based services and the

00:00:27.510 --> 00:00:31.000
corresponding innovations on a global perspective.

00:00:31.060 --> 00:00:34.470
StarAudit has these five activity areas,

00:00:34.480 --> 00:00:37.680
awareness programs, data privacy compliance,

00:00:37.690 --> 00:00:41.590
knowledge transfer, startup encouragement, standards and

00:00:41.600 --> 00:00:46.540
interoperability between cloud service platforms, and the idea of

00:00:46.540 --> 00:00:50.940
having a harmonization of legal frameworks, which is something that

00:00:50.950 --> 00:00:55.320
is true of the European Union, the harmonization of law. When a

00:00:55.320 --> 00:00:58.360
StarAudit certification is carried out,

00:00:58.390 --> 00:01:05.010
it is a two‑way trust between consumer and provider, and the assessments are

00:01:05.010 --> 00:01:09.800
done in such a way that they provide accountable quality capabilities to see

00:01:09.800 --> 00:01:13.630
transparently into the cloud service provider's control.

00:01:13.640 --> 00:01:17.820
There's also a need to make sure that your professionals,

00:01:17.830 --> 00:01:21.420
IT, legal, and procurement, all have a certain level of

00:01:21.420 --> 00:01:25.260
training and competency necessary to carry out their

00:01:25.260 --> 00:01:27.960
responsibility for managing cloud services.

00:01:28.340 --> 00:01:31.800
When we look at the StarAudit Assessment Tool,

00:01:31.810 --> 00:01:36.050
it is designed so that there can be self‑assessments by the cloud service

00:01:36.050 --> 00:01:40.830
providers that they could do compliance checks that exist outside of their

00:01:40.830 --> 00:01:45.440
self‑assessment, gap analysis for bringing on new services, there being

00:01:45.440 --> 00:01:50.360
changes in laws and regulations, comparing vendors for the cloud consumer,

00:01:50.360 --> 00:01:55.780
making sure that there's a checklist for the development of new information,

00:01:55.790 --> 00:02:00.730
and also the auditing capabilities that would be necessary to provide

00:02:00.730 --> 00:02:02.610
assurance for consumers.

00:02:02.620 --> 00:02:07.810
Their vision is to create tools that deliver the framework,

00:02:07.810 --> 00:02:12.240
the assessment, and the certification in a trustworthy way.

00:02:12.250 --> 00:02:15.540
They also want to make sure that they're reducing the need for

00:02:15.540 --> 00:02:20.270
costly individual assessments and having a resource space so

00:02:20.270 --> 00:02:22.220
that it can be used repeatedly.

00:02:22.230 --> 00:02:26.790
From a transparency perspective, they're verifying that they have a high

00:02:26.790 --> 00:02:30.610
level of openness for customers and providers alike,

00:02:30.620 --> 00:02:34.970
and then they want to make sure that they enable an efficient process for

00:02:34.970 --> 00:02:39.710
transferring knowledge based off of accrediting different parties,

00:02:39.710 --> 00:02:41.480
be the contractual,

00:02:41.480 --> 00:02:45.310
sub‑contractual, insurance, and other types of information

00:02:45.310 --> 00:02:47.460
necessary for protection in the cloud.

00:02:47.470 --> 00:02:48.100
Finally,

00:02:48.110 --> 00:02:52.240
let's consider what we should be thinking about if our

00:02:52.250 --> 00:02:55.660
audit process turns into forms of testing.
