Operating in the Cloud Compliance Challenges
- Blanche Payne
- 7 years ago
Transcription
1 Operating in the Cloud Compliance Challenges
Chris Reid, Integrity Solutions Ltd
GAMP Global Steering Committee
ISPE International Board of Directors
2 Topics
- GAMP Special Interest Group
- Cloud Service Models
- Regulated Company / Regulatory Concern
- Benefits and Risks
- Considerations for Cloud Management
3 Cloud SIG
- Cloud SIG was established early 2013
- Small team representing cross section of large / small Pharma and cloud service providers
- Goals:
- Ongoing dialogue between GAMP / ISPE and regulators to understand challenges of operating in the cloud
- Provide guidance on usage of cloud technologies in the GxP environment in order to facilitate controlled adoption by industry
4 The Problem
Trends over recent years are challenging us to think of systems differently
Business Driven / IT Driven
- Workplace independent working (anytime, anywhere, any place, any device)
- Outsourcing of IT services
- Virtualisation of systems and applications
- Bring your own device (BYOD)
- Always and anywhere connected
- Pharma companies are in a pressed financial situation
5 The Problem
- The amount of information we handle is exploding
- Data volume continues to grow
- Need for computing power continues to grow
- Consequently the need for IT to continually manage grows
- Industry is always looking for better, cheaper, and faster solutions
- Outsourcing to specialised firms who can provide IT solutions more efficiently
- Leveraging technology to improve information handling
6 The Benefits
Cloud providers offer:
- Extremely fast and flexible solution delivery
- On-demand scalability
- Business continuity solutions
- Easy solutions for backup and archive
All for a considerably lower cost than traditional in-house computing solutions
7 The Cloud Models
- Public Cloud. Description: Service provider offers services to all. Risks: Management controls more difficult to assess and enforce.
- Private Cloud. Description: Cloud structure with own data centre or dedicated to client. Risks: Management controls more easily assessed.
- Hybrid Cloud. Description: Uses both public or. Risks: Depends on scope of public cloud.
8 Cloud variants
9 Increasing Scope and Risk
10 Other Cloud Considerations
- Multi Tenancy. Description: Multiple customers share a single application, even though they only have access to their own data. Considerations: How is application and data access controlled?
- Virtualisation. Description: Emulation of computer hardware and software so that one or more emulated computers can run in a single physical environment. Considerations: Are there any further risks from the virtual infrastructure layer? Is performance impacted?
11 Regulatory Consideration
- Global regulators are interested in the growing utilisation of cloud environments
- Regulators are not averse to cloud computing; as with all new hot topics, they need to understand the risks and required controls
- FDA working group on Cloud computing. FDA wants to better understand:
- What systems are currently outsourced?
- What issues or concerns have come up?
- What resolutions/mitigations were employed?
- Common terminology and definitions for outsourcing IT systems
- What type of systems will be outsourced in the future?
12 FDA viewpoint
What are regulators interested in when they discover IT is outsourced?
- Integrity of the data is assured
- Risks clearly identified & mitigated
- Client/Provider Contracts
- Provider Quality Systems: SOPs, validation, change control, training
- Cybersecurity for Networked Systems
- Data Backup/Recovery
- Audits of Providers by FDA/Clients
Bob Tollefsen, FDA
13 What are the regulatory expectations for Infrastructure, Applications and Data?
Global regulations expect:
- Applications should be validated
- IT infrastructure should be qualified
- Data integrity and security must be maintained
- When outsourcing to 3rd parties, accountability for compliance remains with the regulated company, but compliance controls may be delegated to others with appropriate management control
- GAMP and cross industry guides such as ITIL, ISO 27001, IEEE, ASTM, TickIT, CMMi provide guidance on Application and Infrastructure Development, Validation / Qualification, Operation, Support and Retirement
- These basic premises do not change in an outsourced environment, including cloud; what changes is the chain of command and trust
14 Risk Considerations
Examples:
- Outsourcing
- Surrendered control: Risk
- Outsource company has better processes: Risk
- Virtualisation
- If a physical machine fails, VM moves: Risk
- Data in the cloud
- Better disaster recovery protection: Risk
- Data is not on the regulated company's asset: Risk
15 Risk Considerations
Service Provider:
- Responsibility for application management and performance with the service provider
- Responsibility for security with service provider
- Management of service change or contract exit
- One sided Service Level Agreements
- Service provider business failure
Choose carefully
16 The Basic Issue Business Need Solution
17 Cloud is here to stay..
The EFPIA has selected software firm Solidsoft for its anti-counterfeit European Medicines Verification System (EMVS) powered by Microsoft's cloud-based platform Windows Azure
18 Security: Differing levels of importance, Public vs. Private Cloud Providers
[Bar chart comparing Private and Public cloud providers, axis 0% to 60%; bar labels 43%, 51%, 29%, 35%]
- How confident are you that cloud applications and resources supplied by your organisation are secure?
- How important is security for meeting your organization's IT and data processing objectives?
These questions answered by 127 Cloud offering providers
19 Differing levels of risk mitigation and emphasis surveyed from Public Cloud Providers
20 Availability: Highly Publicised Outages
Event: Date
- Lightning strike AWS Dublin: 08 Aug 2011
- Azure Leap year issue: 29 Feb 2012
- Netflix streaming down (AWS): 24 Dec 2012
- Azure SSL Certificate issue: 22 Feb 2013
Crawley, 25th April
21 Security
- Main concern with cloud solutions, especially multi-tenant
- Security can be established at many levels:
- Physical
- O/S / Network / Virtualisation
- Application
- D/B
- Depending on the selected model, your organisation may still be in control of several layers
22 Due-Diligence: Certification obtained by Amazon/Azure
AWS / Azure
- SOC1/SSAE 16/ISAE 3402
- SOC2
- ISO/IEC 27001:2005
- PCI DSS Level 1
- FISMA, DIACAP and FedRAMP
- ITAR
- FIPS
- EU Model Clause/Safe Harbor
- HIPAA via BAA
- MPAA
23 SLA and Contracts
Azure Tier Enterprise Support
24 Industry Standards - Security in the Cloud
- Compliance: Audit Planning, Independent Audits, Third Party Audits, Contact / Authority Maintenance, Information System Regulatory Mapping, Intellectual Property
c/o Cloud Security Alliance
25 Industry Standards - Security in the Cloud
- Data Governance: Ownership / Stewardship, Classification, Handling / Labelling / Security Policy, Retention Policy, Secure Disposal, Information Leakage, Risk Assessments
c/o Cloud Security Alliance
26 Industry Standards - Security in the Cloud
- Facility Security: Policy, User Access, Controlled Access Points, Secure Area Authorization, Unauthorized Persons Entry, Off-Site Authorization, Off-Site Equipment, Asset Management
- Human Resources Security: Background Screening, Employment Agreements & Termination
c/o Cloud Security Alliance
27 Industry Standards - Security in the Cloud
- Information Security: Management Program, Management Support / Involvement, Policy, Baseline Requirements, User Access Policy, User Access Restriction / Authorization, User Access Revocation, User Access Reviews, Training / Awareness, Industry Knowledge / Benchmarking, Roles / Responsibilities, Management Oversight, Segregation of Duties, User Responsibility, Workspace, Encryption, Encryption Key Management, Vulnerability / Patch Management, Anti-Virus / Malicious Software, Incident Management, Incident Reporting, Incident Response Legal Preparation, Incident Response Metrics, Acceptable Use, Asset Returns, eCommerce Transactions, Audit Tools Access, Diagnostic / Configuration Ports Access, Network / Infrastructure Services, Portable / Mobile Devices, Source Code Access Restriction, Utility Programs Access
c/o Cloud Security Alliance
28 Industry Standards - Security in the Cloud
- Legal: Non-Disclosure Agreements, Third Party Agreements
- Operations Management: Policy, Documentation, Capacity / Resource Planning, Equipment Maintenance
- Risk Management: Program, Assessments, Mitigation / Acceptance, Business / Policy Change Impacts, Third Party Access
- Release Management: New Development / Acquisition, Production Changes, Quality Testing, Outsourced Development, Unauthorized Software Installations
c/o Cloud Security Alliance
29 Industry Standards - Security in the Cloud
- Resiliency: Business Continuity Planning, Business Continuity Testing, Environmental Risks, Equipment Location, Equipment Power Failures, Power / Telecommunications
- Security Architecture: Customer Access Requirements, User ID Credentials, Data Security / Integrity, Application Security, Data Integrity, Production / Non-Production Environments, Remote User Multi-Factor Authentication
c/o Cloud Security Alliance
30 Outsourcing Lifecycle
- Phase 1: Business Case. Benefits and Risk Analysis
- Phase 2: Specification & Selection. Specification, Selection, Contract
- Phase 3: Implementation. Planning, Implementation, Transition
- Phase 4: Monitor. Service & Contract Management
- Phase 5: Change. Change Management, Exit Management
31 Supporting Regulatory Inspection
- Information required during an inspection will be held by service provider:
- Design documentation
- Configuration information
- Standards, Processes
- Records
- Client company still accountable, not outsource company
- How will outsource organisation be engaged during an inspection?
- FDA may inspect outsourced service providers in the future???
32 Conclusions (1)
- Cloud computing is here to stay and brings clear benefits to industry
- The main issue around cloud is delegation of responsibilities and the need to ensure that service providers have appropriate controls in place
- Application validation and infrastructure qualification requirements remain in principle but we may need to be more innovative in the way we assure controls
- Industry already working towards Cloud Computing standards; there is no business sense in cloud failures
- As with all industry innovation, there will be regulatory interest until maturity is demonstrated
33 Conclusions (2)
- The ability to influence, evaluate and monitor the performance of the service provided is important
- GAMP promotes leveraging of supplier effort to reduce the compliance burden on industry; with appropriate controls in place there is no reason why Cloud service providers cannot support this
34 Acknowledgements
- Some slides have been leveraged from QUMAS Ireland following their presentation to GAMP UK.
- Some slides have been taken from ISPE GAMP Cloud SIG
More informationSikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com
Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com Cloud is becoming integral to business transformation The secure pathway to
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationAshley Clarke Hosted Desktop. Business Name
Ashley Clarke Hosted Desktop Business Name Our Partner s Technology Partner Ashley Clarke s Hosted Desktop is a full featured Windows 8 style experience delivered from the cloud. One of the key advantages
More informationPATCH MANAGER what does it do?
PATCH MANAGER what does it do? PATCH MANAGER SAAS maps all your physical assets and physical infrastructure such as network and power cabling, racks, servers, switches, UPS and generators. It provides
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationWHITE PAPER. Mitigate BPO Security Issues
WHITE PAPER Mitigate BPO Security Issues INTRODUCTION Business Process Outsourcing (BPO) is a common practice these days: from front office to back office, HR to accounting, offshore to near shore. However,
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More information