PD CEN/CLC/TS 18072:2025 Requirements for Conformity Assessment Bodies certifying Cloud Services, 2025
- European foreword
- Introduction
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 4 General requirements
- 4.1 Legal and contractual matters
- 4.1.1 Legal responsibility
- 4.1.2 Certification agreement
- 4.1.3 Use of license, certificates and marks of conformity
- 4.2 Management of impartiality
- 4.2.1 General
- 4.2.2 Nonconflicting activities
- 4.3 Liability and financing
- 4.4 Non-discriminatory conditions
- 4.5 Confidentiality
- 4.6 Publicly available information
- 5 Structural Requirements
- 5.1 Organizational structure and top management
- 5.2 Mechanisms for safeguarding impartiality
- 6 Resource Requirements
- 6.1 Certification body personnel — Determination of competence criteria
- 6.2 Resources for Evaluation
- 7 Process requirements
- 7.1 General requirements
- 7.2 Application
- 7.3 Application review
- 7.4 Evaluation
- 7.4.1 General
- 7.4.2 Types of evaluations
- 7.4.3 Preparation of the evaluation
- 7.4.3.1 General
- 7.4.3.2 Evaluation programme
- 7.4.3.3 Determining the evaluation objectives and scope
- 7.4.3.3.1 General
- 7.4.3.3.2 Objective for assurance level ‘Basic’
- 7.4.3.3.3 Objective for assurance level ‘Substantial’ and ‘High’
- 7.4.3.4 Determining evaluation time
- 7.4.3.5 Multi-site sampling
- 7.4.3.6 Remote evaluation
- 7.4.3.7 Evaluation plan
- 7.4.3.8 Sampling
- 7.4.3.8.1 General
- 7.4.3.8.2 Operating effectiveness over a period of time
- Table 1: Sampling required
- 7.4.3.9 Vulnerability Identification
- 7.4.4 Conducting evaluations
- 7.4.4.1 Stage 1: Documentation review and preliminary evaluation
- 7.4.4.1.1 General
- 7.4.4.1.2 Stage 1 requirements for assurance level ‘Basic’
- 7.4.4.1.2.1 General
- 7.4.4.1.2.2 Review of gathered evidence
- 7.4.4.1.3 Stage 1 Requirements for assurance levels ‘Substantial’ and ‘High’
- 7.4.4.2 Stage 2: Evaluation
- 7.4.4.2.1 Stage 2 requirements for assurance level ‘Basic’
- 7.4.4.2.1.1 General
- 7.4.4.2.1.2 Analysis of results
- 7.4.4.2.1.3 Issuing the evaluation report
- 7.4.4.2.2 Stage 2 requirements for Assurance Level ‘Substantial’ and ‘High’
- 7.4.4.2.2.1 General
- 7.4.4.2.2.2 Suitability of the design of controls
- 7.4.4.2.2.3 Operating effectiveness
- 7.4.4.2.2.4 Analysis of results
- 7.4.4.2.2.5 Conclusion and recommendation
- 7.4.5 General requirements on conducting evaluations
- 7.4.5.1 General
- 7.4.5.2 Conducting the opening meeting
- 7.4.5.3 Communication during the evaluation
- 7.4.5.4 Obtaining and verifying information
- 7.4.5.5 Identifying and recording evaluation findings
- 7.4.5.6 Closing meeting
- 7.4.5.7 Nonconformity handling
- 7.5 Review
- 7.6 Certification decision
- 7.7 Certification Documentation
- 7.8 Directory of certified products
- 7.9 Surveillance
- 7.9.1 Introduction
- 7.9.2 General
- 7.9.3 Surveillance Evaluation
- 7.9.4 Recertification Evaluation
- 7.9.5 Special Evaluation
- 7.10 Changes affecting certification
- 7.11 Termination, reduction, suspension or withdrawal of certification
- 7.12 Records
- 7.13 Complaints and appeals
- 8 Management system requirements
- 8.1 Options
- 8.1.1 General
- 8.1.2 Option A
- 8.1.3 Option B
- 8.2 Management system documentation (Option A)
- 8.3 Control of documents (Option A)
- 8.4 Control of records (Option A)
- 8.5 Management review (Option A)
- 8.5.1 General
- 8.5.2 Review inputs
- 8.5.3 Review outputs
- 8.6 Internal Audits (Option A)
- 8.7 Corrective actions (Option A)
- 8.8 Preventive actions (Option A)
- Annex A (normative) Required Knowledge and Skills
- A.1 General
- Table A.1 — Table of Knowledge and Skills
- A.2 Competence requirements for Information Security Evaluation
- A.2.1 General requirements
- A.2.2 Information security terminology, principles, practices and techniques
- A.2.3 Certification scheme-specific standards and normative documents
- A.2.4 Business management practices
- A.2.5 Client’s business sector
- A.2.6 Client’s products, processes and organization
- A.3 Competence requirements for leading the evaluation team
- A.4 Competence requirements for conducting the application review
- A.4.1 Information security standards and normative documents
- A.4.2 Client’s business sector
- A.4.3 Client’s products, processes and organization
- A.5 Competence requirements for reviewing evaluation reports and making certification decisions
- A.5.1 General
- A.5.2 Information security management terminology, principles, practices and techniques
- A.5.3 Information security standards and normative documents
- A.5.4 Client business sector
- A.5.5 Client products, processes and organization
- A.6 Demonstration of evaluator knowledge and experience
- A.6.1 General
- A.6.2 Selecting evaluators
- A.6.3 Selecting technical experts
- A.6.4 Selecting evaluators for leading the team
- Annex B (normative) Dependency Analysis
- B.1 General
- B.2 Assessing the availability of assurance documentation
- B.3 Assessing assurance related to individual requirements
- B.4 Certified Subservices
- Bibliography