Professional Documents
Culture Documents
Cloud Governance
Cloud Governance
Cloud Governance
layer and which specific IMF controls are applicable to the services provided in a layer.
In Scope IT security alerts impacting cloud services, applications, or infrastructure hosted in Novartis
Public cloud environment. This includes any real or suspected loss, unauthorized access, change, or
misuse of information or technology maintained within Novartis public cloud environment only.
Cloud Security operations works on security alerts in Novartis cloud environment recognized by primarily
CSPM tool (InsightCloudSec).
The selection of IMF Controls in scope of Cloud Platform security enforcement will be done jointly by
Cloud Engineering Team and ISRM (1)
Primary Scope using the IMF control matrix built-in filters for PaaS & IaaS Controls Controls.
Secondary Scope using the IMF control matrix built-in filters for Infrastructure controls
(Network, Server, Database) and not already covered with PaaS & IaaS filtering
Control Domain
Access Management
Asset Management
Backup Management
Change Management
Data Management
Encryption Management
Global Governance Control