Establish policy on using cloud services, define security requirements, roles, and responsibilities, manage controls and changes, handle incidents, monitor and review risk, review agreements, identify and accept residual risks, ensure the protection of data and service availability, require advance notification of changes, maintain contact with providers for mutual exchange of information.
Conformance1
Tools for conforming to standards, goals and processes
