Audit resource location matches resource group location

Azure BuiltIn Policy definition

Control Domain

Control

Name

MetadataId

Category

Title

Owner

Requirements

Description

Info

Policy#

RMiT_v1.0

10.49

RMiT_v1.0_10.49

RMiT 10.49

Cloud Services

Cloud Services - 10.49

Shared

n/a

A financial institution must fully understand the inherent risk of adopting cloud services. In this regard, a financial institution is required to conduct a comprehensive risk assessment prior to cloud adoption which considers the inherent architecture of cloud services that leverages on the sharing of resources and services across multiple tenants over the Internet. The assessment must specifically address risks associated with the following: (a) sophistication of the deployment model; (b) migration of existing systems to cloud infrastructure; (c) location of cloud infrastructure; (d) multi-tenancy or data co-mingling; (e) vendor lock-in and application portability or interoperability; (f) ability to customise security configurations of the cloud infrastructure to ensure a high level of data and technology system protection; (g) exposure to cyber-attacks via cloud service providers; (h) termination of a cloud service provider including the ability to secure the financial institution's data following the termination; (i) demarcation of responsibilities, limitations and liability of the service provider; and (j) ability to meet regulatory requirements and international standards on cloud computing on a continuing basis.

link

Initiative DisplayName

Initiative Id

Initiative Category

State

Type

RMIT Malaysia

97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6

Regulatory Compliance

BuiltIn

Date/Time (UTC ymd) (i)

Change type

Change detail

2021-02-10 14:43:58

change

Major (1.0.0 > 2.0.0)