The Cloud Control Framework establishes a baseline set of control standards for financial services firms and cloud service providers (CSPs), operating across the shared responsibility model. The standards are intended to drive improved capability and consistency across the sector, whilst helping firms to clarify key requirements during cloud adoption. The Cloud Control Framework recognises that implementation of controls is likely to vary across the sector, and leverages work already undertaken by firms and CSPs and aims to create a trusted industry standard to support a sector-wide approach to cloud control standards. The Framework is endorsed by major CSPs and aligned to more detailed controls specifications documented in the Cyber Risk Institute’s (CRI) Cloud Profile.

Click here to access the document.