Download the Cloud Security Alliance (CSA) Cloud Controls Matrix spreadsheet. (A sharp Internet inquiry should confer you the oration of the most floating rendering for download.) Lower the "Scope Applicability" distinction, prime a predicament that is useful to the structure for which you effort. For pattern, if your structure treat singular medical axioms and uses the COBIT framework, you could cull either COBIT or HIPAA/HITECH. Once you prime a predicament, cull row from "Control Domain" (that no other ward has already primeed!) Then, originate a new continuity in this week's discourse delay the name from support B (i.e. CCM V3.0 Govern ID.) Interpret the govern territory, how it maps to your clarified intention, and specifically what your structure does to utensil the formal govern.
If you don't distinguish which intention applies to your structure, fair use the University of the Cumberlands (UC) as your structure. As a university, we are lower the territory of FERPA, So, is you cull UC, you would scarcity to cull a Govern Territory and interpret how it maps to FERPA, and how UC utensils the governs.
So, here's an pattern. Let's divine I effort for a abundant on-line retailer. We treat reimbursement cards and are hence lower PCI DSS modifications. I'll prime BCR-03 govern ID (Business Continuity Planning.) So I would originate a new continuity in this week's discourse delay the name "BCR-03." Then I'd interpret what BCR-03 is, what it maps to in PCI DSS (4.1, 4.1.1, 9.1, 9.2), and then I'd interpret what my structure does to bear delay this govern modification.