Changes

''Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.''

''Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another.''

The service provider should have a security governance framework that coordinates and directs their overall approach to the management of the service and information within it.