Entity documents and communicates its information security capabilities and responsibilities for the use of its cloud service, along with the information security responsibilities which the customer would need to implement and manage as part of its use of the cloud service