How to become a Cloud Officer?

This training aims to provide an introduction to the main regulatory requirements as defined by CSSF circular 17/654 (as amended by the circular 19/714) with a specific focus on the role of the Cloud Officer. In addition, it will address the practical implications of adopting cloud solutions while complying with the main provisions of the circular. The goal is to enable the CSSF supervised entities to increase its comfort level in relation to cloud specific regulation in order to support its digital transformation process.

This training course is designed as an essential step to assist you to address the following challenges, among others:

• What are the main responsibilities as a cloud officer?
• What are the key regulatory considerations you should know prior to your cloud outsourcing project?
• What are the key aspects you should know about your service providers?
• Which elements should be considered to conclude the materiality of your outsourcing arrangements?
• When should the competent authority be informed? What procedure should be followed?
• Where should the data centers be located?
• Which party is responsible for ensuring data and systems security in the context of a shared security model?
• What are the key contractual obligations of your service providers?
• What are the key technical aspects to be considered when adopting cloud solutions?
• What are the training resources provided by the service providers?

Objectives

At the end of the training, participants will be able to:

• Understand the main provisions of CSSF circular 17/654 (as amended by the circular 19/714)
• Describe the difference governance models supporting IT outsourcing
• Explain the role & responsibilities of a Cloud Officer
• Identify the key considerations with regard to Cloud Service Providers (CSP)
• Identify the main aspects of managing cloud risks, particularly in the context of a "shared security model"
• Describe the key documentation requirements

Compliance considerations & practical implications

• Evolution of regulatory landscape
• IT Outsourcing vs. Cloud computing outsourcing
• Main requirements of CSSF 17/654 (as amended)
• Role & Responsibilities of a Cloud officer
• Cloud & Professional secrecy requirements
• CSSF authorisation request process (i.e. Form B)
• Regulatory guidance on the key documentation to maintain (including. materiality assessment, due diligence, risk assessment, cloud register)

Key considerations for software & Cloud Solution Providers

• Landscape of cloud services offering (including Cloud services models, Cloud deployment models)
• Popular solutions observed in the market
• Managing outsourcing and cloud risks in a context of shared security model
• Contractual clauses & financial service compliance
• Cloud adoption - Prerequisites and way forward approach