Public Cloud Security Standard

The Public Cloud Security Standard (the Standard) establishes security requirements and controls to maintain the Confidentiality, integrity, and availability of the Company’s data in the public cloud.

The Public Cloud Security Standard is established to ensure proper and effective use of cloud-based services to protect Company’s data and assets. The public cloud is multi-tenant environment and offers limited control over hosted data and services. Lack of sufficient security controls may lead to disclosure of sensitive or confidential data or may adversely impact the data integrity or service availability. This may result in legal, regulatory or contractual non-compliance and reputational loss to the Company.

This standard applies to Company information assets that process or store Company information and to all personnel with access to such assets. This includes any systems operating within Company’s network as well as any third party hosted services. This standard is limited to Company public cloud infrastructure; controls included in this standard are not applicable to private cloud infrastructure.

A public cloud is one in which the infrastructure and computational resources are made available to the general public as a multitenancy service on shared physical resources, generally accessed over the Internet. It is owned and operated by a cloud provider delivering cloud services to consumers and, by definition, is external to the consumers’ organizations.

A private cloud is one in which the computing environment is operated exclusively for a single organization. It may be managed by the organization or by a third party. It may also be hosted within an organization’s data center or a third-party data center.