Cloud compliance: SOC 2, ISO 27017, ISO 27018, CSA STAR and FedRAMP
Cloud compliance encompasses the full range of regulatory requirements and certification standards for cloud services: SOC 2 (Trust Service Criteria), ISO 27017 (cloud-specific security controls), ISO 27018 (data protection in the cloud), CSA STAR (Cloud Security Alliance), FedRAMP (U.S. federal agencies), C5 (BSI), and EUCS (EU Cloud Scheme). This article explains the differences, requirements, and certification processes.
Summary: IT security compliance means adhering to the legal provisions, regulatory requirements, and contractual obligations that apply to information security. Frameworks relevant to German companies include the GDPR, NIS2, ISO 27001, BSI IT-Grundschutz, the KRITIS Regulation, and industry-specific regulations (BAIT, VAIT, KAIT).
About the Author
Dipl.-Math. (WWU Münster) and doctoral candidate at the Promotionskolleg NRW (Hochschule Rhein-Waal) with a research focus on phishing awareness, behavioral security, and nudging in IT security. Responsible for building and maintaining ISMSs, leads internal audits under ISO/IEC 27001:2022, and advises KRITIS sectors as an external information security officer (ISB). Lecturer in Communication Security at Hochschule Rhein-Waal and NIS2 training lead at isits AG.
3 Publications
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Self-promotion with a Chance of Warnings: Exploring Cybersecurity Communication Among Government Institutions on LinkedIn (2024)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)