You are here

United Arab Emirates

Survey Answer:

The IAS-specific security controls for cloud computing requires:
(a) An entity to define information security requirements covering the retention, processing, and storage of data in cloud environments. This requires considering regulatory and other requirements potentially limiting the processing and storage of information in external entities “for example laws or business agreements preventing certain types of information from being stored outside national borders.”
(b) An entity to document relevant security requirements in service delivery agreements with cloud services providers. The sub-control specifies:
Each service delivery agreement for cloud services shall include provisions for:
(i) understanding and maintaining awareness of where information with applicable restrictions will be stored or transmitted in the cloud environment;
(ii) ensuring appropriate information migration plans at the end of the service period; and
(iii) ensuring all other cloud security requirements determined relevant by the entity are included in the service delivery agreement.

Provided By:
Andrew Fawcett and Krishna Jhala, Al Tamimi & Company