Cloud service provider due diligence

The cloud provider’s privacy and security safeguards may need to be reviewed, depending on the system’s criticality, information confidentiality and legal, regulatory, contractual and/or funding agency requirements. Consult the cloud service considerations to determine if the cloud service privacy and security controls must be verified.

Examples of due diligence privacy and security controls review include:

Security controls information can be obtained along with the RFP, if one is issued. Otherwise, it must be obtained directly from the cloud provider and reviewed by the department and IT Information Security.

Next step: Cloud service contracts

If you have comments or suggestions about this Web page or see any errors, contact the IT Communication Group.