Update: Intro Compliance Learning Path

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Intro Compliance"
+description: "Are you looking for an introduction to Exoscale's data center processes and compliance topics? This INTRO Compliance Learning Path is perfect for non-technical individuals and covers the ground of all related topics. You'll learn about the benefits and challenges of compliance, sustainability, technical security, contractual setup, and response & support in modern IT scenarios, understand key concepts and terminology, and discover why these new rules are so important. "
+themeColor: "#3C494F"
+cardImage: "/images/learning-path/kubernetes-icon.svg"
+courses: 7
+weight: 3
+---

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/contractual-setup/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Exoscale's Contractual Setup"
+description: ""
+themeColor: "#3C494F"
+cardImage: "/images/learning-path/kubernetes-icon.svg"
+courses: 1
+weight: 7
+---

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/contractual-setup/content/setup.md

@@ -0,0 +1,55 @@
+---
+docType: "Chapter"
+id: "Contractual Setup"
+chapterTitle: "Contractual Setup"
+description: ""
+title: "Contractual Setup"
+weight: 1
+---
+
+### Overview
+
+![contract-setup]({{< usestatic "intro-compliance/contractual-setup.png" >}})
+
+### Terms & Conditions - client and supplier relations
+
+- Exoscale's Terms & Conditions - [exoscale.com/terms](https://www.exoscale.com/terms/)
+
+![terms-of-service]({{< usestatic "intro-compliance/terms-of-service.png" >}})
+
+#### T&C's Categories
+
+1. **Definitions**
+1. **The Services**
+1. **Fees and Payment Modalities**
+1. **Service Level Agreement** (SLA)
+1. **Use of the Services**
+1. **Software Licenses**
+1. **Proprietary Rights**
+1. **Confidentiality**
+1. **Warranties**
+1. **Indemnification**
+1. **Publicity**
+1. **Force Majeure**
+1. **Term and Termination**
+1. **Miscellaneous Provisions**
+
+### Data Privacy - information usage and handling
+
+- Exoscale's Privacy Policy - [exoscale.com/privacy](https://www.exoscale.com/privacy/)
+
+#### Privacy Policy
+
+Exoscale collects only information you choose to give us and processes it with your consent or on a legal basis. Therefore, we gather as little personal information as we can to allow us to provide our services.
+
+Personal information is not sold to third parties and is used and processed as described on this page. Furthermore, we comply with the EU's Privacy Shield Framework and the General Data Protection Regulation (GDPR). As a result, we provide the same level of privacy protection regardless of your country of origin or location.
+
+![data-privacy]({{< usestatic "intro-compliance/data-privacy.png" >}})
+
+### Jurisdiction - *laws and courts*
+
+#### Exoscale's Jurisdiction & Governing Law (T&C 14.8)
+
+These Terms and Conditions and any Order shall be governed by the laws of Switzerland. The Parties irrevocably submit to the exclusive jurisdiction of the courts of the canton of Vaud, district of Lausanne. 
+
+![justice]({{< usestatic "intro-compliance/justicia2.png" >}})

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/exoscale-compliance/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Exoscale's Compliance"
+description: ""
+themeColor: "#3C494F"
+cardImage: "/images/learning-path/kubernetes-icon.svg"
+courses: 6
+weight: 3
+---

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/exoscale-compliance/content/assessment.md

@@ -0,0 +1,42 @@
+---
+docType: "Chapter"
+id: "Risk Assessment"
+chapterTitle: "Risk Assessment"
+description: ""
+title: "Risk Assessment"
+weight: 4
+---
+
+### Framework
+
+Understanding the risks that could significantly impact the organization and its ability to achieve its objectives is critical.
+
+Risks are typically grouped into three categories:
+
+- Business Risks
+- Compliance Risks
+- Operational Risks
+
+#### Business Risks
+
+that could impact the organization's ability to achieve its objectives, for example, a natural disaster disrupting operations.
+
+Business risk refers to the potential for financial loss or other negative consequences arising from internal or external factors affecting a company's ability to achieve its objectives. This can include risks related to market conditions, competition, regulatory changes, financial performance, operational issues, and other factors that can impact the success or sustainability of a business. Practical risk assessment and management strategies can help enterprises to identify and mitigate potential risks, minimize financial losses, and protect against other negative impacts.
+
+![bussiness]({{< usestatic "intro-compliance/business.png" >}}) 
+
+#### Compliance Risks
+
+that could lead to non-compliance with legal or regulatory requirements, for example, a data breach that leads to a fine from a data privacy regulatory body.
+
+Compliance risk is the potential for financial loss or legal penalties arising from a company's failure to comply with laws, regulations, or industry standards. This can include risks related to data privacy, environmental regulations, labor laws, financial reporting requirements, and other areas of regulatory compliance. Non-compliance can result in fines, legal action, damage to reputation, and other negative consequences that can impact a company's financial performance and overall success. Practical risk assessment and management strategies can help businesses identify and address compliance risks, ensure regulatory compliance, and minimize the potential for financial and legal consequences.
+
+![risk-compliance]({{< usestatic "intro-compliance/risk-compliance.png" >}}) 
+
+#### Operational Risks
+
+that could impact day-to-day operations, for example, a system failure that disrupts business processes.
+
+Operational risk is the potential for financial loss or other negative consequences arising from a company's internal processes, systems, or human error. This can include risks related to technology failures, supply chain disruptions, employee misconduct, fraud, and other operational issues that can impact a company's ability to conduct business effectively. Operational risks can also arise from external events, such as natural disasters or cyberattacks. Practical risk assessment and management strategies can help enterprises to identify and mitigate potential operational risks, improve processes and systems, and minimize the potential for financial losses or other negative impacts.
+
+![operational-risk]({{< usestatic "intro-compliance/risk-operational.png" >}}) 

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/exoscale-compliance/content/data-center.md

@@ -0,0 +1,21 @@
+---
+docType: "Chapter"
+id: "Data Center"
+chapterTitle: "Data Center"
+description: ""
+title: "Data Center"
+weight: 6
+---
+
+### Locations
+
+All **Exoscale zones** are hosted **in** carefully selected **state-of-the-art data centers**. 
+
+![dc-location]({{< usestatic "intro-compliance/dc-location.png" >}}) 
+
+### Certifications
+
+Data centers must **pass stringent** criteria defined in our requirements, including various **security and quality certifications**.
+
+![dc-cert1]({{< usestatic "intro-compliance/dc-cert1.png" >}}) 
+![dc-cert2]({{< usestatic "intro-compliance/dc-cert2.png" >}}) 

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/exoscale-compliance/content/security.md

@@ -0,0 +1,68 @@
+---
+docType: "Chapter"
+id: "Compliance Security"
+chapterTitle: "Compliance Security"
+description: ""
+title: "Compliance Security"
+weight: 5
+---
+
+### Security Referential
+
+**Organizations** can **need help maintaining** an ever-growing number of **compliance standards** and security frameworks.
+
+**Exoscale has extensive compliance documentation** for various standards and security frameworks, **making it easy for organizations to meet** all the **requirements**.
+
+The Security Referential is a set of standards and best practices that we follow to ensure the security of our infrastructure and services. It includes guidelines on access control, network security, data protection, and incident response.
+
+The Security Referential is based on industry standards and is regularly updated to address new security threats and vulnerabilities. Customers can use the Security Referential as a reference for their security needs and compliance requirements.
+
+### Certified Security
+
+The **security of your data is our highest priority**, and we work hard to ensure that our platform meets the highest security standards.
+
+We believe trust is essential. Therefore, **we regularly undergo third-party audits** to help you meet your compliance obligations.
+
+### Secure Control Framework
+
+To maintain that documentation, **Exoscale has developed its security referential** based on the 32 Control Domains of the SCF framework.
+
+This referential allows us to implement **a single set of security controls** while meeting all the requirements of the **targeted standards** and frameworks.
+
+![SCF-logo]({{< usestatic "intro-compliance/SCF-logo.png" >}}) 
+
+#### Our Security Control Domains
+
+1. Security & Privacy Governance
+1. Asset Management
+1. Business Continuity & Disaster Recovery
+1. Capacity & Performance Planning
+1. Change Management
+1. Cloud Security
+1. Compliance
+1. Configuration Management
+1. Continuous Monitoring
+1. Cryptographic Protections
+1. Data Classification & Handling
+1. Embedded Technology
+1. Endpoint Security
+1. Human Resources Security
+1. Identification & Authentication
+1. Incident Response
+1. Information Assurance
+1. Maintenance
+1. Mobile Device Management
+1. Network Security
+1. Physical & Environmental Security
+1. Privacy
+1. Project & Resource Management
+1. Risk Management
+1. Secure Engineering & Architecture
+1. Security Operations
+1. Security Awareness & Training
+1. Technology Development & Acquisition
+1. Third-Party Management
+1. Threat Management
+1. Vulnerability & Patch Management
+1. Web Security
+

content/learning-paths/98e16360-a366-4b78-8e0a-031da07fdacb/intro-compliance/exoscale-compliance/content/spc-compliance.md

@@ -0,0 +1,53 @@
+---
+docType: "Chapter"
+id: "Specific Compliance"
+chapterTitle: "Specific Compliance"
+description: ""
+title: "Specific Compliance"
+weight: 3
+---
+
+
+### Framework
+
+#### TISAX (Trusted Information Security Assessment Exchange)
+
+*Is a certification designed for the automotive industry's assessment and exchange mechanism of information security.*
+
+TISAX stands for Trusted Information Security Assessment Exchange. It is a framework for information security assessments developed by the German Association of the Automotive Industry (VDA) to ensure the security of shared data among automotive industry suppliers.
+
+TISAX is based on the ISO/IEC 27001 standard for information security management systems and is designed to ensure the confidentiality, integrity, and availability of information exchanged between automotive industry partners. TISAX assessments are conducted by accredited third-party auditors who evaluate a company's information security management system against defined criteria.
+
+TISAX assessments cover various information security topics, including access control, data protection, incident management, business continuity, and physical security. Companies that complete a TISAX assessment are granted a TISAX certificate, demonstrating that they meet the information security requirements of the automotive industry.
+
+TISAX certification is becoming increasingly important for companies that supply products or services to the automotive industry, as it demonstrates a commitment to information security and provides a competitive advantage in the marketplace.
+
+#### HDS (Health Data Hosting)
+
+*Is a certification designed to reinforce personal health data protection and build a trustworthy environment around eHealth and patient monitoring.*
+
+HDS, or Health Data Hosting, is a French legal framework regulating personal health data storage and processing. It applies to any company or organization that provides data hosting services for healthcare data in France.
+
+Under the HDS framework, healthcare data must be stored and processed in compliance with strict security and privacy requirements. These include:
+
+**Physical security**: HDS requires that data centers be equipped with adequate physical security measures, such as access controls, surveillance cameras, and fire suppression systems.
+
+**Technical security**: HDS requires that data be encrypted at rest and in transit and that access to the data be restricted to authorized personnel.
+
+**Organizational security**: HDS requires that data hosting providers implement various policies and procedures to ensure healthcare data's confidentiality, integrity, and availability.
+
+**Privacy**: HDS requires that data hosting providers obtain explicit consent from patients to collect, store, and process their health data and comply with all applicable data protection laws and regulations.
+
+Failure to comply with HDS requirements can result in significant penalties and fines. As such, healthcare data hosting providers in France must take HDS compliance very seriously and implement robust security and privacy measures to protect personal health data.
+
+#### FINMA (Swiss Financial Market Supervisory Authority)
+
+*Is a government financial regulation for supervising banks, insurance companies, stock exchanges, securities dealers, and other financial intermediaries in Switzerland.*
+
+FINMA stands for Swiss Financial Market Supervisory Authority. It is an independent regulatory body responsible for supervising and regulating financial institutions and markets in Switzerland. FINMA was established in 2009 as part of a comprehensive Swiss financial market supervisory system reform.
+
+FINMA's primary mission is to ensure the stability and integrity of the Swiss financial system, protect investors and consumers, and combat financial crime. It supervises and regulates banks, insurance companies, securities dealers, asset managers, and other financial intermediaries operating in Switzerland.
+
+FINMA has the authority to issue regulations, conduct investigations, and impose sanctions on financial institutions and individuals who violate Swiss financial laws and regulations. It also works closely with other national and international regulatory bodies to promote financial stability and combat cross-border financial crime.
+
+FINMA plays a critical role in maintaining the integrity and stability of the Swiss financial system and ensuring that financial institutions and markets operate safely and soundly.