Introduction to Cloud Officer (CSSF Circular 19/714 in Lux)



  • 03 February 2022
  • 05 May 2022
  • 22 September 2022
  • 10 November 2022

Introduction to Cloud Officer (CSSF Circular 19/714 in Lux)


This course aims to provide a general introduction to cloud computing, within the context of IT outsourcing. The goal is to prepare someone to assume the role of “Cloud Officer” as per CSSF Circular 17/654 and be responsible for the use of cloud services, understanding the competences of the staff managing cloud computing resources 


At the end of the training, participants will be able to: 

-Describe different governance models supporting IT outsourcing to a public cloud provider

-Explain the different cloud platform service delivery models

-Describe how risk is managed within the context of a “shared security model” with a cloud provider



-The role of Cloud Officer

            - Risk Management (Territoriality,…)

            - GDPR journey

            - Outsourcing Framework

            - Governance

-Sourcing Models

-Overview of Cloud Technologies

-Cloud risks (and shared security/Responsibility models)

-Vendor/Supplier Management/Third Party Risk Management

- Notification to the CSSF (authorization request, discontinuation, etc.)

-Applicability of the Circular

-Requirements of the CSSF



            Resource Operation

            (IT) GRC (Governance Risk Compliance)

            Client Notification and Consent


                        -ISCR complies with data protection regulations

            Necessity to inform the Competent Authority

            Management of outsourced risks

            Business Continuity

            System Security

                Monitoring Activities

            Contractual Clauses

            Right to Audit

            Performance of the right to audit

            Establishing and completing the Register

            Particular case of Investment fund managers

Targeted audience

-Individuals who are going to be a Cloud Officer

-IT supervisors of organizations using or contemplating cloud use


-Internal Audit (as requested by CSSF)

-Member of Credit Institution and PFS within the meaning of the Law of 5 April 1993 on the Financial Sector (“LFS”).

-Member of payment institution and electronic money institutions within the meaning of the Law of 10 November 2009 on payment services (“LFS”)

-Member of investment fund partners subjects to circular CSSF 18/698.


Topics not covered or discussed during this course 

This course does not present the concepts of Google Cloud, AWS, Microsoft Azure, IBM and other APIs (Application Programming Interface) or other connectors used by these providers or other providers will not be discussed.

It is merely impossible to go into more depth, particularly at the level of each connector (API), application, environment and IT strategy in order to explain whether or not there must be a prior declaration to the CSSF, both the ramifications and exceptions between the different types of connectors in an ever-changing environment are complex.

The Low-Level analysis of an IT architecture with connectors operating in a Public Cloud will only be approached if this does not hinder the progress of the course for all stakeholders and according to the architectural knowledge of the trainer on this part

The course will allow you to understand how to fill in the Cloud Register and to identify the processes revolving around it. However, in a large majority of cases, this register must be completed with internal or external IT teams or even the various providers from which the trainer cannot avoid.

In view of the time allotted and the complexity of each organization's architectures and infrastructures, this course will not be considered as consultancy.





1 day




















  • Price900.00 €
  • Limit date of registration31 December 2022
  • LocationLuxembourg
  • Minimum enrollment2 participants
  • TermsGeneral conditions of sales


Back Registration