The “AUDITOR” research project is aimed at designing, implementing in an exemplary way, and testing an EU-wide data protection certification of cloud services for long-term application.
AUDITOR tackles four major objectives to design an EU-wide data protection certification:
Requirements Catalogue
First, a requirements catalogue is developed that comprises certification controls that have to be fulfilled by the cloud services as well as recommendations for control fulfillment and assessment. The requirements catalogue is based on the GDPR and considers international standards such as C5 and EuroPrise.
Certification Scheme
Second, we develop a certification system that contains rules, procedures and management for carrying out the certification. As required by the GDPR, the certification scheme will be send to the Deutsche Akkreditierungsstelle (national accreditation body for the Federal Republic of Germany) for accreditation.
Standardization
The requirements catalogue will be published as DIN Specification (DIN-SPEC). A DIN SPEC is the fastest way to turn research into a marketable product.
Pilot Tests
The AUDITOR certification will be tested in three use cases with cloud service providers to validate research findings and ensure practical applicability.
Milestones
Following milestones are set to achieve these objectives:
- Ongoing: DIN-SPEC development,
- 06.06.2018: Publishing the requirements catalogue (current version 0.9),
- End 2018: Finishing the conformity assessment sheme,
- Spring 2019: Preparation phase for pilot tests,
- Spring 2019: Sending certification scheme to DAkkS,
- Summer 2019: Development of recommendations for applying the certification,
- Autumn 2019: Completion of pilot tests.