A service level agreement (SLA) is a contract between a cloud service provider (CSP) and a customer that defines the level of service, performance, availability, and responsibilities of both parties1. An SLA may also include the notification process a CSP follows after discovering a breach of customer data, such as the time frame, the communication channels, the content and format of the notification, and the remediation actions2. A communication plan is a document that outlines the objectives, strategies, and tactics for communicating with different stakeholders, but it may not specify the details of the breach notification process3. An incident response policy is a set of guidelines and procedures for responding to security incidents, such as identifying, containing, analyzing, and recovering from them, but it may not be shared with the customer by the CSP4. Access controls are the mechanisms and policies that regulate who can access what resources and data in a cloud environment, but they are not related to the breach notification process5. References:
1: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 3, page 75.
2: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 3, page 77.
3: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 3, page 79.
4: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 4, page 105.
5: CompTIA Cloud Essentials+ Certification Study Guide, Second Edition (Exam CLO-002), Chapter 4, page 107.
Submit