1 Fundamental Concepts
We adopt a definition of accountability which can be applied to most enterprise operations, and most notably to IT-supported functions:
accountability is the state of
- accepting allocated responsibilities,
- explaining and demonstrating compliance to stakeholders and
- remedying any failure to act properly;
where these responsibilities are derived from
- law,
- social norms,
- agreements,
- organisational values and
- ethical obligations.
This section summarises the key concepts and models which form the foundation on which this Reference Architecture is built, including the accountability model below:
Figure 4: The cloud accountability model.
The context of our work is the cloud, with the associated ecosystem or customers, providers, auditors and regulators. While we often refer to accountability in the context of data protection, our aim is to design an architecture which is addressing the property of accountability rather than the topic to which it is applied (e.g. accountability for data protection or accountability for service availability).
Download the preliminary release of the Cloud Accountability Reference Architecture and the relevant A4Cloud Toolkit.