Cloud computing in finance
The so-called PolishCloud based on, inter alia, the Position of the PFSA of 24 January 2020* serve as a roadmap for banks in Poland seeking to implement cloud computing services.
The unique expertise acquired while working on the PolishCloud and years of experience gained in servicing clients from the financial sector have enabled us to develop a comprehensive package of services that will help you efficiently and effectively implement any cloud computing service in your company.
This consists of a set of guidelines, recommendations and explanations to enable universal and secure use of public and hybrid cloud computing solutions by supervised entities. For some years, these solutions were used by supervised entities, including banks, to a limited extend or not at all, due to the legal environment.
Information, legislation, advice on PolishCloud implementation
Developed by Kochański & Partners
Cloud computing implementation
The scope of our services covers:
- legal audit of a cloud computing service provider;
- legal audit of policies (procedures) and models used by the client;
- preparation/negotiation of a cloud computing service agreement, drafting of opinions;
- reporting for supervision if it results from the nature of a cloud computing service.
ISO certification for cloud computing users
Kochański & Partners offers its advisory and implementation services as part of preparation for the ISO/IEC 27001 certification, including the ISO/IEC 27017 standard, addressed to clients using cloud computing services. Kochański & Partners services cover in particular carrying out an audit, reviewing or preparing the required documentation, as well as providing implementation advisory services and assistance to clients during the certification process.
The ISO certification confirms the appropriate level of data security and helps minimize the risks inherent in cloud computing services.
The ISO certification should be of particular interest to entities covered by financial supervision, processing data of a particular category or covered by professional secrecy, i.e. wherever data and information security is particularly important. Care in this area confirms the utmost diligence of members of the Management Board and managers in the age of economy 4.0.
Selected individual products
CLOUD COMPUTING IDENTIFICATION
SERVICE PROVIDER SELECTION
- location of a data processing centre;
- seat of a cloud computing service provider;
- methods used by information security and encryption service providers;
- other issues at the preference of the client.
OUTSOURCING AGREEMENT
IMPLEMENTATION PROCESSES
- information classification and evaluation together with their documentation;
- risk assessment together with its documentation;
- fulfilment of individual technical and organisational requirements for cloud computing together with its documentation.
SELECTED DOCUMENTATION
- organisational chart of positions or functions related to cyber security;
- technological security rules (policies) and organisational cloud computing solutions;
- business continuity management rules (policies);
- compliance management rules (policies) (inter alia, software licensing processes), including rules (policies) for compliance with regulatory requirements;
- rules (policies) for review and management verification of the security system related to the use of cloud computing;
- rules (policies) for reporting, review and verification of the quality parameters of cloud computing services;
- description of processes, procedures or instructions for selected areas (management of logs, incidents, keys, etc.);
- rules for management of policies and documentation within the organisation management system.
REPRESENTATION BEFORE THE PFSA
PFSA AUDIT SIMULATION
A specific unit may carry out an audit simulation, allowing for the identification of the weakest links in the protection of personal data processing in an enterprise.
Timeline
2 February 2022
Publication of the PolishCloud 2.0 Standard – the most recent and comprehensive set of practices and solutions guiding banks smoothly through the cloud migration process, with the highest security standards applied.
1 November 2020
Update of Cloud Communication in connection with the epidemic, extending the implementation deadline until 1 November 2020
20 July 2020
The “Practical Legal Aspects of the Road to the Cloud” training as part of the PolishCloud Academy, with Aleksandra Piech and Daniel Kozłowski as speakers.
1 June 2020
PolishCloud Academy inauguration. The Polish Bank Association, Microsoft, Google Poland, the National Cloud Operator, Accenture and Kochański & Partners have established a joint group to promote cloud computing solutions in the Polish banking sector, creating the PolishCloud Academy project, providing free training and workshops relating to cloud implementation for representatives of financial institutions.
March 2020
Related information
PolishCloud
Cloud services for the financial sector
Closer to clouds: A new position of the Office of the Financial Supervision Authority on cloud solutions for the financial services sector
What does the Financial Supervision Authority's cloud computing position change?
The new position of the Office of the Financial Supervision Authority on cloud solutions for the financial services sector
Cloud computing: Polish banks in the cloud
Cloud computing in Polish Financial Institutions
Contact us:
Jan Ziomek
Advocate / Partner / Head of FinTech / NewTech Sector Practice
Maciej Kuranc
Bar Trainee / Associate / New Technologies and Personal Data Practice