When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to track approved cloud services, ownership, data exposure, shared responsibility, review status, and exit readiness.
Register
| Cloud service | Provider | Business owner | Data classification | Data location | Support location/access | Shared responsibility documented | Required security features | Incident notification method | Agreement reference | Review frequency | Exit plan status |
|---|---|---|---|---|---|---|---|---|---|---|---|
Review checklist
- Business owner assigned.
- Information classification recorded.
- Data location and support access reviewed.
- Shared responsibility documented.
- Required security features enabled or risk-accepted.
- Provider incident notification route defined.
- Service review evidence available.
- Exit plan documented for critical services.
Related notes
- Template
- Cloud security
- Supplier security
- Iso27001
Note Metadata
Aliases: Cloud Register
Source: 90 Templates/Cloud Service Register.md
Related Notes
- ISO 27001 A.5.23 - Information Security for Use of Cloud Services
- ISO 27001 A.5.31 - Legal, Statutory, Regulatory and Contractual Requirements
- A.5.23 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO27001-A.5.23 Information Security for Use of Cloud Services
- ISO 27002 Annex A Control Interpretation Map
- A.5.23 Audit Checklist
- Cloud Security Requirements and Exit Checklist
- Supplier Security Register
- Templates MOC