1. Global projects for compliance programs of large-scale Cloud providers
Especially for larger compliance programs, we put great emphasis on a thorough analysis of control systems in order to understand all relevant correlations. This allows us, for example, to identify overlaps between control sets of individual Cloud solutions and hence, increase efficiency by including this knowledge into our projects. This becomes particularly important in case a Cloud Service Provider strives to demonstrate compliance to the requirements of several compliance schemes. We thereby help Cloud Service Providers to standardise their internal control system and reduce the overall effort required for compliance audits.
In international projects, we work closely together with our colleagues from other PwC network firms. This is allows us to detect synergies which result from combining different audits carried out at different locations, for example BSI C5 and SOC 2. By doing so, we can implement global audit projects and deliver them out of one hand.
2. Tailored solutions for small and mid-scale Cloud service providers
We support small and mid-scale Cloud Service Providers in building, extending or optimising their control systems and compliance frameworks. For instance, this also involves providing consulting in the selection of available compliance schemes that meet the requirements of the Cloud users.
Before conducting the actual audit project, we offer to start with a small pre-project (Quick Check) that lasts a few days. This enables our client not only to see how we apply the respective compliance scheme, but also to get to know our approach and our testing methodology. In addition, based on the results of the Quick Check, we give precise recommendations for action and tailor our proposal for the actual audit project.