Chat with Experta

User
What kind of evidence is needed for control A.5.23 Information security for use of cloud services?
Experta
During the certification audit, the auditor might look for the following evidence regarding control A.5.23 Information security for use of cloud services: if security requirements for cloud services are defined, and if the cloud is managed accordingly.

Examples:
A company has defined in its Supplier Security Policy how security requirements for cloud services are defined and managed — the auditor might ask to see several contracts signed with cloud providers to see if security clauses were included, and if cloud services are monitored accordingly.