Include exceptions in the Service Level Agreements, as necessary.

CONTROL ID
13912

CONTROL TYPE
Establish/Maintain Documentation

CLASSIFICATION
Preventive

This Control directly supports the implied Control(s):

Establish, implement, and maintain a Service Level Agreement framework., CC ID: 00839

There are no implementation support Controls.

Procedures and technical safeguards for the encryption of sensitive data of the cloud customers for the storage are established. Exceptions apply to data that cannot be encrypted for the rendering of the cloud service for functional reasons. The private keys used for encryption are known only to the… (Section 5.8 KRY-03 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
In service level agreements, their process documentation or comparable documentation, the cloud provider provides comprehensible and transparent specifications regarding its jurisdiction as well as with respect to data storage, processing and backup locations, which allow an expert third party to as… (Section 4 UP-02 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
For each service delivered, the organization shall establish one or more SLAs based on the documented service requirements. The SLA(s) shall include service level targets, workload limits and exceptions (§ 8.3.3 ¶ 2, ISO/IEC 20000-1:2018, Information technology â Service management âPart 1: Service management system requirements, Third Edition)