Designing Monitoring Systems for Continuous Certification of Cloud Services: Deriving Meta-requirements and Design Guidelines

Continuous service certification (CSC) involves the consistently gathering and assessing certification-relevant information about cloud service operations to validate whether they continue to adhere to certification criteria. Previous research has proposed test-based CSC methodologies that directly assess the components of cloud service infrastructures. However, test-based certification requires that certification authorities can access the cloud infrastructure, which various issues may limit. To address these challenges, cloud service providers need to conduct monitoring-based CSC; that is, monitor their cloud service infrastructure to gather certification-relevant data by themselves and then provide these data to certification authorities. Nevertheless, we need to better understand how to design monitoring systems to enable cloud service providers to perform such monitoring. By taking a design science perspective, we derive universal meta-requirements and design guidelines for CSC monitoring systems based on findings from five expert focus group interviews with 33 cloud experts and 10 one-to-one interviews with cloud customers. With this study, we expand the current knowledge base regarding CSC and monitoring-based CSC. Our derived design guidelines contribute to the development of CSC monitoring systems and enable monitoring-based CSC that overcomes issues of prior test-based approaches

Towards a Continuous Process Auditing Framework (Case study in Healthcare Auditing and Decision Support - Infection Regime Control Survey)

The complexity of modern digital information systems is continuously increasing as a by-product of increased system functionalities in various domains. The resultant sea of information at our disposal mandates for making informed, timely and verifiable decisions. Traditional human-based audits become a liability in pursuit of timely decisions as they fail to audit the individual process modules or the entire process chain critical for determining the efficiency of an entire complex system. In this thesis we introduce the concept of Continuous Process Auditing (CPA) in digital systems. We propose an approach that audits the methodologies (processes) in a system used to achieve results. We use a communication mechanism and employ a weighting schema that accounts for the holistic nature of process chains and provides decision support to select alternate strategies to improve system efficiency. To demonstrate our approach we provide a case study based on a auditing a survey application and present our results