Process overview

These guidelines must be followed when engaging a cloud-based information service:

  1. Classify the University information to be processed or stored in the cloud. Assess system criticality, information confidentiality, and legal, regulatory, contractual and/or funding agency requirements to determine if cloud vendor privacy and security safeguards must be reviewed and if a written contract is required.
  2. If a contract is required, complete the Cloud-based IT Services questionnaire and send it to the IT Information Security office (ISO).
  3. If cloud vendor privacy and security safeguards must be reviewed, the information can be requested from the vendor with the RFP, if applicable.
  4. Cloud vendor privacy and security responses will be reviewed by the department and ISO.
  5. Privacy and security safeguard requirements will be added to the contract terms and conditions as needed. The contract must be reviewed by the department, UD General Counsel, ISO and Procurement before it is signed.


Next step: Information classification and other considerations

If you have comments or suggestions about this Web page or see any errors, contact the IT Communication Group.