Loading Results

How to become a cloud officer?

How to become a cloud officer?

This training aims to provide an introduction to the main regulatory requirements related to cloud outsourcing arrangements as defined by the CSSF circular 22/806 with a specific focus on the role of the cloud officer. In addition, it will address the practical implications of adopting cloud solutions while complying with the main provisions. The goal is to enable the CSSF-supervised entities to increase their comfort level in relation to cloud specific regulations in order to support their digital transformation process.

This training course is designed as an essential step to assist participants in addressing the following challenges, among others:

  • What are the main responsibilities as a cloud officer? 
  • What are the key regulatory considerations you should know prior to your cloud outsourcing project? 
  • What are the key aspects you should know about your service providers?
  • Which elements should be considered to conclude the materiality of your outsourcing arrangements? 
  • When should the competent authority be informed?
  • What procedure should be followed? 
  • Where should the data centers be located? 
  • Which party is responsible for ensuring data and systems security in the context of a shared security model? 
  • What are the key contractual obligations of your service providers? 
  • What are the key technical aspects to be considered when adopting cloud solutions? 
  • What are the training resources provided by the service providers?

Duration: 6h

Language: Available in English

Number of participants: up to 15

Available as intra-company course (i.e. dedicated session on demand)

Course content can be customised on demand under specific conditions.

CONTACT US

Objectives

By the end of this training, participants will be able to:

  • understand the main provisions related to cloud outsourcing arrangements as defined by the CSSF circular 22/806; 
  • describe the different governance models supporting IT outsourcing;
  • explain the role and responsibilities of a cloud officer; 
  • identify the key considerations with regard to Cloud Service Providers (CSP);
  • identify the main aspects of managing cloud risks, particularly in the context of a "shared security model"; 
  • describe the key documentation requirements.

Content

Compliance considerations and practical implications

  • Evolution of regulatory landscape
  • IT outsourcing vs. cloud computing outsourcing
  • Main requirements of CSSF 22/806 with a focus on cloud outsourcing arrangements
  • Role and responsibilities of a cloud officer
  • Cloud and professional secrecy requirements
  • CSSF notification request process (i.e. CSSF notification form for material IT activities)
  • Regulatory guidance on the key documentation to maintain (including. criticality assessment, due diligence, risk assessment, cloud register)

Key considerations for software and Cloud Solution Providers

  • Landscape of cloud services offering (including cloud services models, cloud deployment models)
  • Popular solutions observed in the market
  • Managing outsourcing and cloud risks in a context of shared security model
  • Contractual clauses and financial service compliance
  • Cloud adoption - Prerequisites and way forward approach

Target audience

  • Individuals who are going to be cloud officers 
  • Head of IT, information security officers and information technology officers 
  • Regulatory responsible and compliance officers 
  • Internal auditors
  • IT services providers (incl. cloud based software providers, cloud infrastructure providers, IT resource operators) 
  • Project managers in charge of (cloud) outsourcing projects

Our lead experts

This training is coordinated by Adam Tymofiejewicz and Xiaoyi Fang, Directors at PwC Luxembourg.

Adam Tymofiejewicz is a Director at PwC Luxembourg’s technology consulting with over 20 years of experience managing complex IT projects for private and public sector clients, including logistics companies, banks, insurers, and EU institutions such as the European Commission and European Parliament. He specialises in aligning IT strategies with business goals, IT portfolio management, and rationalization. Adam excels in IT strategy development, cloud solutions, DevSecOps, and Target Operating Models, with extensive project management expertise.

Xiaoyi Fang is a Director specialising in the implementation of regulatory and IT-driven projects for entities supervised by CSSF, with expertise in EU and Luxembourg regulatory frameworks. Xiaoyi is well-versed in banking business operations and regulatory topics such as internal governance, IT compliance, outsourcing, MiFID, and ESG. Her expertise includes outsourcing matters, IT compliance, and MiFID II-SFDR. She has managed significant client projects, including remediation support, complex IT projects, and MiFID II implementation. She has also led and contributed to numerous complex projects involving large banking groups, subsidiaries, and European institutions.

Follow us

© 2018 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.