- SAS 70
This is the most popular standard, and one that all cloud service vendors must know. Research shows that more than 67 percent of cloud service vendors apply this standard to their services. SAS 70 is a globally agreed standard that originally came from the AICPA, the American Institute of Certified Public Accountants. It is the standard an auditor needs to apply in order to assess the internal controls of a service company, such as a hosted data center or an insurance claims processor, or of any organization whose services to its customers may have an impact on the activities of the contracting enterprise.
- PCI DSS
It is estimated that approximately 42 percent of cloud service vendors adopt PCI DSS, which stands for Payment Card Industry Data Security Standard. PCI DSS is an internationally recognized security standard that companies apply to their services, especially those that hold, process or transmit credit card and cardholder details. The standard was developed to give the payment card industry more control over access to data and to make sure that data is not exposed to others. Another purpose of the standard is to make sure your clients do not fall victim to theft or financial errors when they use a credit card.
- SOX
SOX, also known as Sarbanes-Oxley, is a standard for cloud security that imposes particular regulatory requirements as well as demands on financial reporting. SOX derives from legislation on financial standards and was developed to protect shareholders and users from problems such as accounting errors or fraudulent practices. SOX also affects IT departments that hold electronic records, by requiring that all business records, including e-mail and other electronic records, are protected for five years or more. Any failure to comply can lead to fines or even criminal penalties. So far, only 33 percent of cloud service vendors have adopted SOX.
- ISO 27001
Another 33 percent of cloud service vendors follow ISO 27001. This standard was introduced in 2005 to provide users with a model for setting up, implementing, running, managing, reviewing and maintaining their Information Security Management System, abbreviated as ISMS. An ISMS is a framework of policies and procedures that includes all the legal controls involved in a company's risk control processes.
- Safe Harbor
Currently, 25 percent of cloud service vendors follow the Safe Harbor regulation, a process for companies that store customer data. The aim of this standard is to help avoid accidental information loss. Companies that follow Safe Harbor must observe its main guidelines, which are Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement. Following these guidelines means users are notified when their data is gathered and how it may be used, and are given the right to choose whether their data is gathered and delivered to third parties. In addition, users have access to the information held about them and can correct or remove it if it is not accurate. Last but not least, Security means that the collected data is protected from loss and from attack.