Gaia-X Catalog
Inicio
Credenciales
Credencial por ID
Subir credencial
Credenciales
Tagus
Loire
a369432f-5510-4de6-961f-dd05bbc1aa15
2018-04-05 17:31:00
https://storage.gaia-x.eu/credential-offers/b3e0a068-4bf8-4796-932e-2fa83043e203
Criterios
Ver
Contractual
P1.2.5
The Provider shall declare the general location of any processing of Customer Data, allowing the Customer to determine the applicable jurisdiction and to comply with Customer's requirements in the context of its business and operational context.
P1.1.1
The Provider shall offer the ability to establish a legally binding act. This legally binding act shall be documented.
P1.2.2
The Provider shall ensure there are provisions governing the rights of the parties to use the service and any Customer Data therein.
P1.2.3
The Provider shall ensure there are provisions governing changes, regardless of their kind.
P1.1.3
The Provider shall clearly identify for which parties the legal act is binding.
P1.2.8
The Provider shall include in the contract the contact details where Customer may address any queries regarding the Service Offering and the contract.
P1.3.2
The Provider shall ensure that the Service Offering is operated by a Gaia-X participant defined by a verified credential.
P1.2.6
The Provider shall explain how information about subcontractors and related Customer Data localization will be communicated.
P1.2.7
The Provider shall communicate to the Customer where the applicable jurisdiction(s) of subcontractors will be.
Protección de datos
P2.1.3
The Provider shall clearly define the technical and organizational measures in accordance with the roles and responsibilities of the parties, including an adequate level of detail.
P2.1.2
The Provider shall define the roles and responsibilities of each party.
P2.2.1
The Provider shall be ultimately bound to instructions of the Customer.
P2.2.2
The Provider shall clearly define how Customer may instruct, including by electronic means such as configuration tools or APIs.
P2.2.7
The Provider shall define the audit rights for the Customer.
Ciberseguridad
P3.1.8
Identity, Authentication and access control management: Limit access to information and information processing facilities.
P3.1.7
Operational Security: Ensure proper and regular operation, including appropriate measures for planning and monitoring capacity, protection against malware, logging and monitoring events, and dealing with vulnerabilities, malfunctions and failures.
P3.1.5
Asset Management: Identify the organisation's own assets and ensure an appropriate level of protection throughout their lifecycle.
P3.1.1
Organization of information security: Plan, implement, maintain and continuously improve the information security framework within the organisation.
P3.1.4
Human Resources: Ensure that employees understand their responsibilities, are aware of their responsibilities with regard to information security, and that the organisation's assets are protected in the event of changes in responsibilities or termination.
P3.1.3
Risk Management: Ensure that risks related to information security are properly identified, assessed, and treated, and that the residual risk is acceptable to the CSP.
P3.1.2
Information Security Policies: Provide a global information security policy, derived into policies and procedures regarding security requirements and to support business requirements
P3.1.6
Physical Security: Prevent unauthorised physical access and protect against theft, damage, loss and outage of operations.
P3.1.9
Cryptography and Key management: Ensure appropriate and effective use of cryptography to protect the confidentiality, authenticity or integrity of information.
P3.1.11
Portability and Interoperability: The CSP shall provide a means by which a customer can obtain their stored customer data, and provide documentation on how (where appropriate, through documented API’s) the CSC can obtain the stored data at the end of the contractual relationship and shall document how the data will be securely deleted from the Cloud Service Provider in what timeframe.
P3.1.13
Development of Information systems: Ensure information security in the development cycle of information systems.
P3.1.14
Procurement Management: Ensure the protection of information that suppliers of the CSP can access and monitor the agreed services and security requirements.
P3.1.15
Incident Management: Ensure a consistent and comprehensive approach to the capture, assessment, communication and escalation of security incidents.
P3.1.16
Business Continuity: Plan, implement, maintain and test procedures and measures for business continuity and emergency management.
P3.1.17
Compliance: Avoid non-compliance with legal, regulatory, self-imposed or contractual information security and compliance requirements.
P3.1.18
User documentation: Provide up-to-date information on the secure configuration and known vulnerabilities of the cloud service for cloud customers.
P3.1.19
Dealing with information requests from government agencies: Ensure appropriate handling of government investigation requests for legal review, information to cloud customers, and limitation of access to or disclosure of Customer Data.
P3.1.20
Product security: Provide appropriate mechanisms for cloud customers to enable product security.
P3.1.12
Change and Configuration Management: Ensure that changes and configuration actions to information systems guarantee the security of the delivered cloud service.
P3.1.10
Communication Security: Ensure the protection of information in networks and the corresponding information processing systems.
Portabilidad
P4.1.1
The Provider shall implement practices for facilitating the switching of Providers and the porting of Customer Data in a structured, commonly used and machine-readable format including open standard formats where required or requested by the Customer.
P4.1.2
The Provider shall ensure pre-contractual information exists, with sufficiently detailed, clear and transparent information regarding the processes of Customer Data portability, technical requirements, timeframes and charges that apply in case a professional user wants to switch to another Provider or port Customer Data back to its own IT systems.
Control europeo
P5.2.1
The Provider shall not access Customer Data unless authorized by the Customer or when the access is in accordance with applicable laws in scope of the legally binding act.
Sostenibilidad
La credencial no cumple los criterios de sostenibilidad.
608c28dd-0ef8-49cd-9c56-efae96838b31
2025-02-25 00:00:00
https://storage.gaia-x.eu/credential-offers/b3e0a068-4bf8-4796-932e-2fa83043e203
Criterios
Ver
Contractual
P1.2.5
The Provider shall declare the general location of any processing of Customer Data, allowing the Customer to determine the applicable jurisdiction and to comply with Customer's requirements in the context of its business and operational context.
P1.1.1
The Provider shall offer the ability to establish a legally binding act. This legally binding act shall be documented.
P1.2.2
The Provider shall ensure there are provisions governing the rights of the parties to use the service and any Customer Data therein.
P1.1.3
The Provider shall clearly identify for which parties the legal act is binding.
P1.2.3
The Provider shall ensure there are provisions governing changes, regardless of their kind.
P1.2.8
The Provider shall include in the contract the contact details where Customer may address any queries regarding the Service Offering and the contract.
P1.3.2
The Provider shall ensure that the Service Offering is operated by a Gaia-X participant defined by a verified credential.
P1.2.6
The Provider shall explain how information about subcontractors and related Customer Data localization will be communicated.
P1.2.7
The Provider shall communicate to the Customer where the applicable jurisdiction(s) of subcontractors will be.
P1.3.1
The Provider shall describe the Permissions, Requirements and Constraints of the Service Offering using a common Domain-Specific Language (DSL) in the self-description.
Protección de datos
P2.1.3
The Provider shall clearly define the technical and organizational measures in accordance with the roles and responsibilities of the parties, including an adequate level of detail.
P2.1.2
The Provider shall define the roles and responsibilities of each party.
P2.2.1
The Provider shall be ultimately bound to instructions of the Customer.
P2.2.2
The Provider shall clearly define how Customer may instruct, including by electronic means such as configuration tools or APIs.
P2.2.7
The Provider shall define the audit rights for the Customer.
P2.2.4
The Provider shall clearly define if and to the extent third country transfers will take place, and by which means of Chapter V GDPR these transfers will be protected.
P2.1.1
The Provider shall offer the ability to establish a contract under Union or EU/EEA/Member State law and specifically addressing GDPR requirements.
Ciberseguridad
P3.1.8
Identity, Authentication and access control management: Limit access to information and information processing facilities.
P3.1.7
Operational Security: Ensure proper and regular operation, including appropriate measures for planning and monitoring capacity, protection against malware, logging and monitoring events, and dealing with vulnerabilities, malfunctions and failures.
P3.1.5
Asset Management: Identify the organisation's own assets and ensure an appropriate level of protection throughout their lifecycle.
P3.1.1
Organization of information security: Plan, implement, maintain and continuously improve the information security framework within the organisation.
P3.1.4
Human Resources: Ensure that employees understand their responsibilities, are aware of their responsibilities with regard to information security, and that the organisation's assets are protected in the event of changes in responsibilities or termination.
P3.1.3
Risk Management: Ensure that risks related to information security are properly identified, assessed, and treated, and that the residual risk is acceptable to the CSP.
P3.1.2
Information Security Policies: Provide a global information security policy, derived into policies and procedures regarding security requirements and to support business requirements
P3.1.6
Physical Security: Prevent unauthorised physical access and protect against theft, damage, loss and outage of operations.
P3.1.9
Cryptography and Key management: Ensure appropriate and effective use of cryptography to protect the confidentiality, authenticity or integrity of information.
P3.1.11
Portability and Interoperability: The CSP shall provide a means by which a customer can obtain their stored customer data, and provide documentation on how (where appropriate, through documented API’s) the CSC can obtain the stored data at the end of the contractual relationship and shall document how the data will be securely deleted from the Cloud Service Provider in what timeframe.
P3.1.13
Development of Information systems: Ensure information security in the development cycle of information systems.
P3.1.14
Procurement Management: Ensure the protection of information that suppliers of the CSP can access and monitor the agreed services and security requirements.
P3.1.15
Incident Management: Ensure a consistent and comprehensive approach to the capture, assessment, communication and escalation of security incidents.
P3.1.16
Business Continuity: Plan, implement, maintain and test procedures and measures for business continuity and emergency management.
P3.1.17
Compliance: Avoid non-compliance with legal, regulatory, self-imposed or contractual information security and compliance requirements.
P3.1.18
User documentation: Provide up-to-date information on the secure configuration and known vulnerabilities of the cloud service for cloud customers.
P3.1.19
Dealing with information requests from government agencies: Ensure appropriate handling of government investigation requests for legal review, information to cloud customers, and limitation of access to or disclosure of Customer Data.
P3.1.20
Product security: Provide appropriate mechanisms for cloud customers to enable product security.
P3.1.12
Change and Configuration Management: Ensure that changes and configuration actions to information systems guarantee the security of the delivered cloud service.
P3.1.10
Communication Security: Ensure the protection of information in networks and the corresponding information processing systems.
Portabilidad
P4.1.1
The Provider shall implement practices for facilitating the switching of Providers and the porting of Customer Data in a structured, commonly used and machine-readable format including open standard formats where required or requested by the Customer.
P4.1.2
The Provider shall ensure pre-contractual information exists, with sufficiently detailed, clear and transparent information regarding the processes of Customer Data portability, technical requirements, timeframes and charges that apply in case a professional user wants to switch to another Provider or port Customer Data back to its own IT systems.
Control europeo
P5.2.1
The Provider shall not access Customer Data unless authorized by the Customer or when the access is in accordance with applicable laws in scope of the legally binding act.
Sostenibilidad
La credencial no cumple los criterios de sostenibilidad.