Copyright 2014 Thomas Trappler All Rights Reserved
2 Cloud Computing Risk Mitigation
3 Cloud Computing Risk Mitigation: As with the adoption of any IT solution, the adoption of a cloud computing solution comes with both benefits and risks.
4 Cloud Computing Risk Mitigation: The key question for us to explore today is: How can we most effectively mitigate the risks associated with adopting a cloud computing solution so as to maximize the benefits?
5 Cloud Computing Risk Mitigation: Transitioning to the Cloud = Paradigm Shift. From: Technically Managed ("I build it, I maintain it."). To: Contractually Managed ("Someone else is doing this for me, how do I ensure they're doing it right?").
6 Cloud Computing Risk Mitigation: Key Ways To Mitigate Risks. Contract Negotiation: Establish the terms of the relationship (What do I get?). Vendor Management: Maintain the relationship (How do I ensure that I continue to get it?). If it's not in the contract, don't expect to get it.
7 Cloud Computing Risk Mitigation: Standard Answers
8 Cloud Computing Risk Mitigation: A Framework of Issues to Consider. Each issue should be individually evaluated: based upon your organization's unique needs and tolerance for risk; for each specific use case/project.
9 Cloud Computing Risk Mitigation: Key Factors. Data Sensitivity: Public to Sensitive. Business Criticality: Downtime = Tolerable to Downtime = Business Stops.
10 Cloud Computing Risk Mitigation: Multiple Variations = SaaS, IaaS, PaaS. Contract Issues Are Similar: Infrastructure/Security; Service Level Agreements; Data Protection, Access & Location; Vendor Relationship.
11 1) Infrastructure/Security: Physical Data Center Behind Every Cloud; All Cloud Service Vendors Are NOT Created Equally; A New and Evolving Market Space.
12 1) Infrastructure/Security: How do we ensure we're getting this
13 1) Infrastructure/Security: and not this?
14 1) Infrastructure/Security: Identify Cloud Vendor's Infrastructure and Security Practices
15 How? Ask Questions
16 Consensus Assessments Initiative Questionnaire & Cloud Controls Matrix; Standard Information Gathering Questionnaire
17 1) Infrastructure/Security: Areas To Evaluate Include: Information Security; Physical Security; Operations Management.
18 1) Infrastructure/Security: Determine Which Practices Are Important; Codify Them in the Contract as Minimum Requirements; Incorporate Responses in Contract.
19 1) Infrastructure/Security: Once You've Got Them in the Contract, How Do You Verify These Things?
20 1) Infrastructure/Security: Third Party Certifications: No Formal Standard; ISO/IEC 27001/27002; SOC 2&3, AT Sec. 101 (Replaced SAS 70); FIPS 200/SP; CSA Open Certification Framework. Reports S/B Provided To You.
21 1) Infrastructure/Security: Re-Certify: At least annually, and after any reasonably suspected breach; Report provision, including timeframe; Your organization must thoroughly review; Correction or cause for breach.
22 2) Service Level Agreements: Software as a Service; Infrastructure as a Service; Platform as a Service. The key thing in common is Service.
23 2) Service Level Agreements: SLA Parameters: Availability; Performance/Response Time; Error Correction Time; Latency.
24 2) Service Level Agreements: SLA Metrics: Quantitative and Unambiguous; Describe Data Sources & Fields, Collection Times & Frequency, Responsibility for Collection; Relevant to Business Outcomes, Not Technical Parameters; Limit to 8-10 SLAs.
25 2) Service Level Agreements: SLA Remedies: Corrections; Penalties.
26 2) Service Level Agreements: SLA Remedies: If You Do Include Financial Penalties, Codify When/How Credit is Provided: Client Notification or Vendor Self-Audit? Against Current Payment, Or Renewal.
27 2) Service Level Agreements: SLA Remedies: Goal is Good Service, Not Credits.
28 2) Service Level Agreements: SLA Remedies: Reputational Penalties; Disqualification From Future Contract Bids; Rewards For Exceeding Service Levels. What Remedies Meet Your Needs?
29 3) Data Protection, Access & Location: Ownership of Data: Good News = More Vendors Including This in Standard Contract; Vendors Are Willing to Listen; Your Organization Owns the Results of Any Processing of Your Data.
30 3) Data Protection, Access & Location: To Avoid Vendor Lock-In, Plan In Advance How You Will Switch To A Different Solution.
31 3) Data Protection, Access & Location: Data Access/Disposition: Process; Timeframe; Format; Cost (Egress Fees?); Destruction.
32 3) Data Protection, Access & Location: Data Breaches: Repercussions Vary According to Data Type; Know In Advance What Type of Data You'll Be Processing/Storing.
33 3) Data Protection, Access & Location: Data Breaches: Notification (incl. timeframe); Details (circumstances, type of data, etc.); Corrective Action; Indemnification.
34 3) Data Protection, Access & Location: Location of Data: Different Laws; Which Law Applies to My Data?; Identify/Restrict Data Center Location(s).
35 3) Data Protection, Access & Location: Legal Requests for Access to Data: Notification of Requests Before They Provide Access To Your Data; Cooperate in Managing Release; Limit Any Release to the Extent Possible, and to the Minimum Required by Law.
36 4) Vendor Relationship: Issues Not Unique to Cloud Computing, but Essential; Most Leverage = Before Signing/Paying; Cost of Change = Significant.
37 4) Vendor Relationship: Contractually Codify in Advance: Terms to Continue Using; Terms to Terminate/Change.
38 4) Vendor Relationship: Cost to Continue Using: Renewal Price Caps as the Lesser of: Consumer Price Index (CPI); A Set Percentage (3%, 5%, etc.); Cloud Vendor's List Price; What Others Pay Going Forward. For As Long As Possible.
39 4) Vendor Relationship: Termination: Keep Decision Within Your Control; Restrict to Triggering Events; Include Customer Opportunity to Cure; Exclude Legitimate Payment Disputes.
40 4) Vendor Relationship: Mergers and Acquisitions: Due Diligence; None of Us Can Predict the Future; Evolving Market Space; Terms Binding on Successors/Assigns.
41 4) Vendor Relationship: Vendor Outsourcing: Increases Complexity; Vendor to Identify Third Parties; Vendor Remains Responsible.
42 Next Steps: Cloud Computing is Big
43 Next Steps: Broad Set of Implications: From Meeting Business Needs To Compliance With Policy/Law; Beyond Responsibilities of One Position.
44 Next Steps: So Don't Go It Alone (image: commons.wikimedia.org/wiki/file:rockislandindependentsteamphoto1919.jpg): Business Process Owner; IT Vendor Management; Procurement; IT - Technical; IT - Security/Policy; Legal Affairs; Risk Management; Audit/Compliance/Governance/Privacy.
45 Next Steps: Working Together; Effectively Manage; Develop Guidelines/Best Practices Re: Appropriate Acquisition/Use.
46 How Can I Learn More? Cloud Computing Risk Mitigation Via Contract Negotiation & Vendor Management seminar, October 20, Chicago, IL. To register, please go to: CSA-IAPP discount ($100): Use Code CSA-IAPP