The A4Cloud toolkit supports accountable organisations in running accountability practices, by implementing the accountability functions that should be executed by the cloud and data protection roles. At a high level, accountability functions can be classified as implementing relevant preventive, detective and corrective accountability mechanisms. Preventive mechanisms focus on mitigating the occurrence of an unauthorized action. The respective functions include assessing a risk, identifying and expressing appropriate policies to mitigate it, and enforcing these policies via mechanisms and procedures put in place. Detective mechanisms are used to identify the occurrence of an incident or risk that goes against the policies and procedures in place. The respective functions centre on monitoring and identifying policy violations via detection and traceability measures such as audit, tracking, reporting, and monitoring. Finally, corrective mechanisms are those that are used to fix an undesired result that has already occurred. The respective functions focus on managing incidents, providing notifications and facilitating redress.
The A4Cloud toolkit is composed of the following tools:
- The Data Protection Impact Assessment Tool (DPIAT): This tool is used by Small-Medium Enterprises (SMEs) to identify the risks in a given configuration and environment of carrying out a certain business transaction, which involves the processing of personal or confidential data. Read more!
- The Cloud Offerings Advisory Tool (COAT): This tool is designed to assist potential cloud customers (SME organizations and individuals) in assessing and selecting cloud offerings, with respect to certain security and privacy requirements. Read more!
- The Accountability Lab (AccLab): This tool is used to check the consistency between human readable accountability obligations expressed in the Abstract Accountability Language (AAL) and the compliance of machine-readable accountability policy language called Accountable Primelife Policy Language (A-PPL) with such AAL statements. Read more!
- The Data Protection Policies Tool (DPPT): This tool is used by Cloud Providers to create machine readable representation of accountability policy statements in A-PPL enforceable language. The tool is used to configure the component in charge of enforcing the accountability related policies, by translating the policies into an A-PPL file and sending it to the responsible policy enforcement component. Read more!
- The Accountable Primelife Policy Engine (A-PPL Engine or A-PPLE): This tool enforces data handling policies expressed in A-PPL and generates logs with respect to the actions enforced in compliance to these policies. Read more!
- The Audit Agent System (AAS): This tool enables the automated audit of multi-tenant and multi-layer cloud applications and cloud infrastructures for compliance with custom-defined policies, using software agents. Read more!
- The Data Transfer Monitoring Tool (DTMT): This tool automates the collection of evidence describing how data transfers within a cloud infrastructure comply with data handling policies. Read more!
- Data Track (DT): This tool is used by data subjects to get a user-friendly visualization of all personal data they have disclosed to cloud services, with the additional capability to rectify data if necessary. Read more!
- The Assertion Tool (AT): This tool ensures the validation of the A4Cloud tools through a test case-based validation methodology, during the development and deployment phases. Read more!
- The Accountability Monitor (AccMon): This tool provides the means for cloud service providers to monitor the implementation of accountability policies.
- The Security and Privacy Assurance Case Environment (SPACE): This tool addresses the problem of providing assurance on how the cloud service providers can demonstrate their compliance with relevant policies and support them in operational environments towards increasing trustworthiness and enhancing transparency in a cloud environment. Read more!
- The Transparency Log (TL): This cryptographic tool provides a secure and privacy-preserving unidirectional asynchronous communication channel, typically between a cloud subject and a cloud provider. Messages can be stored on untrusted system in the form of buffers, which are called piles, and can still be securely retrieved asynchronously by recipients registered to these piles. Read more!
- The Remediation and Redress Tool (RRT): This tool assists cloud customers (individuals or SMEs) in responding to real or perceived data handling incidents and their redress. Read more!
- The Incident Management Tool (IMT): This tool is the entry point for managing anomalies and violations that occur in cloud services and should be notified to the cloud subjects, such as privacy violations or security breaches. The tool enables cloud subjects receive incident notifications and takes the initial steps to respond to these incidents, by gathering comprehensive and structured information related to these incidents. Read more!
The tools integrate with each other and with an external cloud environment and implement the accountability support services and the respective artefacts, as shown below: