Cyber Security Solutions, Compliance, and Consulting Services - IT Security

Cloud Service Providers Risk Management: 50+ Contracts Key Components

By infoguard | September 20, 2015

Depending on the services involved, the following are key components of cloud contracts. Because contracts can vary significantly between cloud service providers, not all of these may be captured or covered. This is a typical illustrative list rather than an exhaustive one:

  1. Performance measurement – how will this be performed and who is responsible for the reporting?
  2. Service Level Agreements (SLAs)
  3. Availability and associated downtime
  4. Expected performance and minimum levels of performance
  5. Incident response
  6. Resolution timeframes
  7. Maximum and minimum period for tolerable disruption
  8. Issue resolution
  9. Communication of incidents
  10. Investigations
  11. Capturing of evidence
  12. Forensic/eDiscovery processes
  13. Civil/State investigations
  14. Tort Law/Copyright
  15. Control and compliance frameworks
  16. ISO 27001/2
  17. COBIT
  18. PCI DSS
  19. HIPAA
  20. GLBA
  21. PII
  22. Data protection
  23. Safe Harbor
  24. U.S. Patriot Act
  25. Business Continuity and Disaster Recovery
  26. Priority of restoration
  27. Minimum levels of security and availability
  28. Communications during outages
  29. Personnel checks
  30. Background checks
  31. Employee/Third-party policies
  32. Data retention and disposal
  33. Retention periods
  34. Data destruction
  35. Secure deletion
  36. Regulatory requirements
  37. Data access requests
  38. Data protection/Freedom of information
  39. Key metrics and performance related to Quality of Service (QoS)
  40. Independent assessments/certification of compliance
  41. Right to audit (including period or frequencies permitted)
  42. Ability to delegate/authorize third parties to carry out audits on your behalf
  43. Penalties for nonperformance
  44. Delayed or degraded performance penalties
  45. Payment of penalties (supplemented by service or financial payment)
  46. Backup of media, and relevant assurances related to the format and structure of the data
  47. Restrictions on and prohibition of the use of your data by the CSP without prior consent, or for stated purposes
  48. Authentication controls and levels of security
  49. Two-factor authentication
  50. Password and account management
  51. Joiner, Mover, Leaver (JML) processes
  52. Ability to meet and satisfy existing internal access control policies
  53. Restrictions and associated Non-Disclosure Agreements (NDAs) from the cloud service provider related to data and services utilized
  54. Any other component and requirements deemed necessary and essential

Failing to address any of the components listed above can leave the cloud customer with hidden costs when the contract later needs additions or amendments. Isolated, ad hoc contract amendment requests typically take longer and require more resources than addressing the same items at the outset.

 
