4.1.3 Mapping Different Kinds of Account to Functional Elements of Accountability
In terms of the organisational lifecycle described in Section 3.1, provision of an account may take place in different phases, as shown in Figure 15. Example accounts corresponding to these four stages are shown in Table 17: Mapping of different kinds of account to functional elements.
Figure 15: Functional elements of organisational account provision.
|
Functional Element |
Types of Account |
|
Demonstrate effectiveness |
Data Protection Impact Assessment Notice to supervisory authorities (before processing) Documentation obtained, created and maintained by DC & DP |
|
Validate operations (organisation) |
Contractual compliance verification |
|
Attribute failure (exception cycle) |
Notification of data breach to data subjects Notification of data breach to supervisory authorities Notification from cloud provider to other cloud provider/organisation |
|
Perform external validation - Output of third party checking (to be shared) |
Certification & seals, e.g. OCF level 3 Audit reports Verification by third party accountability agent |
Table 17: Mapping of different kinds of account to functional elements.
In our analysis we do not focus on records used for internal use (for example, risk reduction and self-improvement) within the organisational lifecycle shown in Figure 15, but instead those for external use, and in particular some cases of evidence provided for compliance and data breach notifications.
Download the preliminary release of the Cloud Accountability Reference Architecture and the relevant A4Cloud Toolkit.
