EHR IN THE CLOUD - FINDING A BALANCE

Size: px
Start display at page:

Download "EHR IN THE CLOUD - FINDING A BALANCE"

Transcription

1 1 05/12/2013 EHR IN THE CLOUD - FINDING A BALANCE Michael De Geest Central information security consultant vzw Provincialaat der Broeders van Liefde

2 2 EHR in the Cloud - introduction Find a clever way to deal with risks: - search for a methodology to handle risks - find a syntax to identify the risks -> risks have to be easy-tounderstand by the policy - pursue a scenario based risk analysis -> say what s going wrong Topics in this presentation: Insecure connections / Third party and data / Various providers / Reporting and data access / awareness of safety levels

3 3 EHR in the Cloud - insecure connections Situation: hosting of EHR in the Cloud provided by foreign hosting provider Juridical: strictly speaking, the EHR may not reside outside the walls of hospitals (this is an outdated legislation) Weakness: insufficient elaborated back-to-back SLAs between telecom providers Risk: failure of international connections due to conflicts between telecom providers

4 4 EHR in the Cloud - insecure connections Measures: 24/7 availability of network team of the hosting provider -> only this measure is not enough -> need for better measures

5 5 EHR in the Cloud - third party and data Situation: hosting van EHR in Cloud is provided by a hosting provider, that provides basic services such as data backup. Weakness: medical data is stored by the third party. The hospital has no control over the existing security measures. Risk: third party has unauthorized access to medical data from the hospital

6 6 EHR in the Cloud - third party and data Measures: - Creation of back-to-back SLAs between hospital and hosting provider - Responsibility of hospital: compliance with the back-to-back SLAs - Ability to obtain an audit of the third party

7 7 EHR in the Cloud - various providers Situation: the hosting of the EHR in the cloud is provided by a hosting provider. The actual EHR software that runs on this hosting is provided by the so called software provider (= another third party) Weakness: the software provider can claim a certificate that actually belongs to the hosting provider Risk: mistaken SLA between hospital and software provider, due to a wrong certificate claim Measures: vigilance and awareness of claiming certificates by software vendors

8 8 EHR in the Cloud - reporting and data access Situation: each hospital needs hospital-specific reports. Additionally, there is a need for direct read and write operations on the database. Weakness: - connectors that can provide read and write operations may have access to restricted data - Insufficient separation between customer data, both at the level of user access as at the level of direct SQL access to data in the database

9 9 EHR in the Cloud - reporting and data access Risks: - correct data is retrieved/edited from the wrong hospital - wrong data is retrieved/edited from the correct hospital Measures: - an independent audit is required - ask the software provider to offer better data connections. This can lead to a loss of flexibility, which in turn is a new risk. You have to make your management aware of this risk. - Foresee infrastructure to run reports against local copies of databases

10 10 EHR in the Cloud - awareness of safety levels Both the EHR and hosting provider are unaware what security measures they have to take in order to be compliant with the current guidelines (ISO guidelines and privacy commission). Current situation: - no clarity about any shortcomings - security levels of the provider and the hospital are difficult to compare - not clear under which conditions a hosting provider can obtain data access

11 11 EHR in the Cloud - awareness of safety levels What should be done: - Hosting and software provider should mutually agree on their SLAs in order to affirm the security levels of each other - the technical architecture should be clarified - The expected level of the hospital and the offered levels of the providers have to be aligned on each other. In this regard the discussions must take place in an honest way (and in advance). - Statement of Applicability = a copy of the ISO 2700X measures + adjustments to the needs, by inspecting the additional standards and the new European privacy law

12 12 Questions?

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Daniel Field, Atos Spain. Towards the European Open Science Cloud, Heidelberg, 20/01/2016

Daniel Field, Atos Spain. Towards the European Open Science Cloud, Heidelberg, 20/01/2016 Daniel Field, Atos Spain Towards the European Open Science Cloud, Heidelberg, 20/01/2016 SLALOM is ready to use Cloud SLAs SLALOM will take theory to practice, providing a trusted verifiable starting point

More information

PUBLIC CLOUD COMES OF AGE

PUBLIC CLOUD COMES OF AGE 50 PUBLIC CLOUD COMES Public cloud services are seeing significant uptake in the Middle East. OF AGE AFTER A LONG PERIOD OF PROMOTION AND HYPE AROUND PUBLIC CLOUD SERVICES, REGIONAL PROVIDERS REPORT THAT

More information

Cloud Security: An Independent Assessent

Cloud Security: An Independent Assessent Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned

More information

Vendor Management Best Practices

Vendor Management Best Practices 23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion

More information

Policy Outsourcing and Cloud Based File Sharing

Policy Outsourcing and Cloud Based File Sharing Policy Outsourcing and Cloud Based File Sharing Version 3.1 TABLE OF CONTENTS Outsourcing Policy... 2 Outsourcing Management Standard... 2 Overview... 2 Standard... 2 Outsourcing Policy... 3 Policy Statement...

More information

EXIN Cloud Computing Foundation

EXIN Cloud Computing Foundation Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses

More information

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation) It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The

More information

The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service

The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service Introduction and overview of the workshop Alex Delis and Michael Pantazoglou, University of Athens www.sucreproject.eu

More information

Pharma CloudAdoption. and Qualification Trends

Pharma CloudAdoption. and Qualification Trends Pharma CloudAdoption and Qualification Trends OurCloudExperience Numerous implementations of EDMS systems with external hosting for smaller life science clients Development of qualification strategy for

More information

Healthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte

Healthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte Healthcare Data in the Cloud A Gathering Storm of Governance Erik Pupo Senior Manager, Deloitte Objectives for this Webinar Explain what the healthcare cloud really means Highlight emerging challenges

More information

http://www.guido.be/intranet/enqueteoverview/tabid/152/ctl/eresults...

http://www.guido.be/intranet/enqueteoverview/tabid/152/ctl/eresults... 1 van 70 20/03/2014 11:55 EnqueteDescription 2 van 70 20/03/2014 11:55 3 van 70 20/03/2014 11:55 4 van 70 20/03/2014 11:55 5 van 70 20/03/2014 11:55 6 van 70 20/03/2014 11:55 7 van 70 20/03/2014 11:55

More information

Can Cloud Database PaaS Solutions Replace In-House Systems?

Can Cloud Database PaaS Solutions Replace In-House Systems? Can Cloud Database PaaS Solutions Replace In-House Systems? Abstract: With the advent of Platform-as-a-Service as a viable alternative to traditional database solutions, there is a great deal of interest

More information

Fundamentals for EHR Success

Fundamentals for EHR Success Fundamentals for EHR Success Angie Chew Monksfield Principal of Portfolio Lim Shih Hsien Deputy Director, Information Security Knowing the Pain Points This material contains information that is confidential

More information

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified

More information

Tips For Buying Cloud Infrastructure

Tips For Buying Cloud Infrastructure 27 Tips For Buying Cloud Infrastructure A Comprehensive list of questions to ask yourself when reviewing potential cloud providers By Christopher Wilson @chrisleewilson Table of Contents Intro: Evaluating

More information

Security und Compliance in Clouds

Security und Compliance in Clouds Security und Compliance in Clouds Prof. Dr. Jan Jürjens, Kristian Beckers Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de The NIST Cloud Definition Framework

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Digital Healthcare: Author. A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider. Alex Ginzburg

Digital Healthcare: Author. A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider. Alex Ginzburg : A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider Author Alex Ginzburg VP of Technology, Intervention Insights, Inc. Kanda Software 200 Wells Ave, Newton, MA 02459 617-340-3850 Over

More information

Secure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net

Secure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net Secure Enterprise Mobility Management White Paper: Cloud-Based Enterprise Mobility Management soti.net Background Facing a business environment of constant change and increasing complexity, enterprises

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

The Risks of Cloud Computing:

The Risks of Cloud Computing: The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies K AT I E WOOD S E NIOR L E CTURE I NFORMATIONS S Y S T E MS D E PA R T MENT U NIVERSITY OF WOLVERHAMPTON

More information

SAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT

SAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT SAM Benefits Overview SAM SAM is critical to managing an IT environment because effectiveness is seriously compromised when an organization doesn t know what software assets it has, where they are located,

More information

Genomics and the EHR. Mark Hoffman, Ph.D. Vice President Research Solutions Cerner Corporation

Genomics and the EHR. Mark Hoffman, Ph.D. Vice President Research Solutions Cerner Corporation Genomics and the EHR Mark Hoffman, Ph.D. Vice President Research Solutions Cerner Corporation Overview EHR from Commercial Perspective What can be done TODAY? What could be done TOMORROW? What are some

More information

Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management

Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise Why Policy Management Matters... 3 Data Protection Service Management: An Overview... 3 Policy Management s Role

More information

Collaboration for Big Data, Business Intelligence, and Mobile Initiatives

Collaboration for Big Data, Business Intelligence, and Mobile Initiatives Collaboration for Big Data, Business Intelligence, and Mobile Initiatives Valeh Nazemoff, Acolyst Sr. Vice President Session Code BI01 Speaker Bio Specializing in enterprise business performance management

More information

Architecting the Cloud

Architecting the Cloud Architecting the Cloud Sumanth Tarigopula Director, India Center, Best Shore Applications Services 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without

More information

Managing the Shadow Cloud

Managing the Shadow Cloud Managing the Shadow Cloud Integrating cloud governance into your existing compliance program August 2014 Shadow IT is not a new concept and organizations are well aware of the risks associated with unauthorized

More information

HIPAA Audits Are Happening. eroi

HIPAA Audits Are Happening. eroi HIPAA Audits Are Happening. eroi Are You at Risk? efiling Advanced efile Form Completion Charting Host: Kathryn Ayers Wickenhauser Meaningful Use / HIPAA Compliance Consultant Kathryn.Wickenhauser@DatafileTechnologies.com

More information

Retention & Disposition in the Cloud Do you really have control?

Retention & Disposition in the Cloud Do you really have control? InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October

More information

Cloud Technology Platform Enables Leading HR and Payroll Services Provider To Meet Solution Objectives

Cloud Technology Platform Enables Leading HR and Payroll Services Provider To Meet Solution Objectives Greytip Online Cloud based HR & Payroll software Cloud Technology Platform Enables Leading 16 Snapshot Client Profile A global HR & Payroll outsourcing company. The company is in the business of delivering

More information

Bring Your Own Devices (BYOD) Information Governance Guidance

Bring Your Own Devices (BYOD) Information Governance Guidance Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations wishing to enable the use of Bring Your Own

More information

Manual Penetration Testing for ContractPal

Manual Penetration Testing for ContractPal Manual Penetration Testing for ContractPal Customer Background ContractPal, Inc. is a SaaS Business Process Outsourcing (BPO) company that has been offering its services and custom applications to a wide

More information

Security and Compliance in Clouds: Challenges and Solutions

Security and Compliance in Clouds: Challenges and Solutions Security and Compliance in Clouds: Challenges and Solutions Prof. Dr. Jan Jürjens Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de This Talk What are the challenges?

More information

Data Privacy and Security for Market Research in the Cloud

Data Privacy and Security for Market Research in the Cloud Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?

More information

Four Goals of Certification

Four Goals of Certification Mission CCHIT is an independent, nonprofit organization with the mission of accelerating the adoption of robust, interoperable health IT by creating an efficient, credible certification process 2008 Slide

More information

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with

More information

IT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED: LESSONS LEARNED

IT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED: LESSONS LEARNED CONTRALORIA GENERAL DE LA REPUBLICA DE COSTA RICA 5TH PERFORMANCE AUDITING SEMINAR INTOSAI STANDING COMMITTEE ON IT AUDIT MAJOR THEME: IT GOVERNANCE IT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED:

More information

How to Guide for Cloud Processing and Outsourcing: ISO Compliant - Including ISO 31000-2015 Edition

How to Guide for Cloud Processing and Outsourcing: ISO Compliant - Including ISO 31000-2015 Edition Brochure More information from http://www.researchandmarkets.com/reports/3302002/ How to Guide for Cloud Processing and Outsourcing: ISO Compliant - Including ISO 31000-2015 Edition Description: The need

More information

Interoperability & Portability for Cloud Computing: A Guide. http://www.cloud-council.org/cscc-cloud-interoperability-and-portability.

Interoperability & Portability for Cloud Computing: A Guide. http://www.cloud-council.org/cscc-cloud-interoperability-and-portability. Interoperability & Portability for Computing: A Guide http://www.cloud-council.org/cscc--interoperability-and-portability.pdf December, 2014 The Standards Customer Council THE Customer s Voice for Standards!

More information

Refresher on cloud computing

Refresher on cloud computing Refresher on cloud computing Cloud computing is a form of outsourcing where the organization outsources data processing to computers owned by the vendor. Outsourcing may also include utilizing the vendor

More information

Table 1 Question Answer Explanation Next Question 1. Sensitive data?

Table 1 Question Answer Explanation Next Question 1. Sensitive data? The decision tree shown in Figure 1 is useful to facilitate the decision making process of a cloud deployment model. For each question in Figure 1, refer to the explanation in Table 1. While there are

More information

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

RISK. Outsourcing Risk Management How to Focus on Controlling and Managing IT Vendors under RBI Guidelines

RISK. Outsourcing Risk Management How to Focus on Controlling and Managing IT Vendors under RBI Guidelines August 31 September 2, 2015 Programme on Outsourcing Risk Management How to Focus on Controlling and Managing IT Vendors under RBI Guidelines Coordinator Prof Sunil Bakshi RISK National Institute of Bank

More information

Cloud Computing in GxP Environment

Cloud Computing in GxP Environment Cloud Computing in GxP Environment Kathy Gniecko Hoffmann LaRoche 3rd April 2014, Stevenage 1 Introductions 18 years Experience in Pharma across all aspects of CSV. Prior to CSV experience in Pharma Research,

More information

Cloud Service Contracts: An Issue of Trust

Cloud Service Contracts: An Issue of Trust Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,

More information

Best Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP

Best Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

Public Cloud Workshop Offerings

Public Cloud Workshop Offerings Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those

More information

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure? SOLUTION BRIEF: CA INFORMATION GOVERNANCE Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure? CA Information Governance delivers

More information

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.

More information

Checklist for a Watertight Cloud Computing Contract

Checklist for a Watertight Cloud Computing Contract Checklist for a Watertight Cloud Computing Contract Companies of all industries are recognizing the need and benefit of moving some if not all of their IT infrastructure to a Cloud whether public or private.

More information

Cisco Cloud Assessments. Justin Tang

Cisco Cloud Assessments. Justin Tang Cisco Cloud Assessments Justin Tang Cisco Landscape Evolution of Cloud Assessments Performing Cloud Assessments Challenges 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Definition:

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Ana Juan Ferrer Cloud Forward 2015, 07/10/2015

Ana Juan Ferrer Cloud Forward 2015, 07/10/2015 Ana Juan Ferrer Cloud Forward 2015, 07/10/2015 SLALOM in a nutshell Service Level Agreement Legal and Open Model SLALOM s principal objeccve is to create a Service Level Agreement (SLA) reference model

More information

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased

More information

Contents. Procedures. Chapter 400 Trading. Page. 401 Trading Through the Trading System... 400-1

Contents. Procedures. Chapter 400 Trading. Page. 401 Trading Through the Trading System... 400-1 Contents Procedures Chapter 400 Trading Thailand Futures Exchange Pcl. 400 Page 401 Trading Through the Trading System... 400-1 401.01 Standards of the Member s Computer System Used in the Trading... 400-1

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Mobile applications and compliancy: what you should know. March 2016

Mobile applications and compliancy: what you should know. March 2016 Mobile applications and compliancy: what you should know March 2016 1 Mobile applications and compliancy: what you should know Skyping with somebody on the other side of the world via a smartphone, or

More information

Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015

Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015 Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015 James B. Wieland, Principal, Ober Kaler David Holtzman, VP of Compliance, CynergisTek Welcome The slides

More information

Cloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority

Cloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Cloud Security Standards Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Introduction Sign Off December 2012 Information Technology Authority

More information

Managed Desktop Support Services

Managed Desktop Support Services managed enterprise technologies Managed Desktop Support Services MET Managed Desktop Support Service Most organisations spend lots of time and money trying to manage complex desktop environments and worrying

More information

A Note on the Security in the Card Management System of the German E-Health Card

A Note on the Security in the Card Management System of the German E-Health Card A Note on the Security in the Card Management System of the German E-Health Card Marcel Winandy (Ruhr-University Bochum) 3rd International ICST Conference on Electronic Healthcare for the 21st Century

More information

Cloud Computing Contract Clauses

Cloud Computing Contract Clauses Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

BECOME A SMARTER CLOUD CONSUMER

BECOME A SMARTER CLOUD CONSUMER Kurt Hagerman Chief Information Security Officer BECOME A SMARTER CLOUD CONSUMER Ripping through the Rhetoric to Find Your Cloud & Control Your Risk 05/18/2015 ABOUT KURT HAGERMAN Kurt Hagerman Chief Information

More information

THE DOMESTIC SURVEY AND THE CONSEQUENT RECOMMENDATIONS

THE DOMESTIC SURVEY AND THE CONSEQUENT RECOMMENDATIONS OVERSIGHT RECOMMENDATIONS ON BUSINESS CONTINUITY BACKGROUND OF THE DOMESTIC SURVEY Unexpected incidents worldwide have focused the attention of the financial sector, including the participants of the domestic

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Making Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled

Making Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled Making Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled Government Conference & Expo September 22, 2011 Disclaimer This

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Operations and Network Center (CORE)

Operations and Network Center (CORE) Operations and Network Center (CORE) Get to know us The Operations and Network Center (CORE) is the cornerstone in Informatica ECI's strategy for the provision of managed information technology services.

More information

APPLYING LESSONS LEARNED TO FEDERAL CLOUD COMPUTING

APPLYING LESSONS LEARNED TO FEDERAL CLOUD COMPUTING APPLYING LESSONS LEARNED TO FEDERAL CLOUD COMPUTING WHAT DO FEDERAL LEADERS THINK OF THEIR AGENCIES PROGRESS IN IMPLEMENTING CLOUD COMPUTING, AND WHAT CAN AGENCIES DO TO OVERCOME THEIR ONGOING OBSTACLES?

More information

DriveHQ Security Overview

DriveHQ Security Overview DriveHQ Security Overview Based in Silicon Valley, DriveHQ was the first company to offer Cloud IT Solution. We have over one million customers from all over the world and across many industries. We have

More information

Audit of the programme performance management in DPKO

Audit of the programme performance management in DPKO ANNEX I AUDIT RECOMMENDATIONS Audit of the programme performance management in DPKO Rec. no. Recommendation 1 DPKO should further refine its logical framework to ensure that: (a) indicators of achievement

More information

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity

Cloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JANUARY/FEBRUARY 2014, VOL 34, NO 1 Copyright ISPE 2014 www.pharmaceuticalengineering.org information systems in a GxP

More information

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

November 12, 2015. I.T. Change Management Why Bother?

November 12, 2015. I.T. Change Management Why Bother? November 12, 2015 I.T. Change Management Why Bother? Why do it? The true intent of your I.T. Change Management process is to: a) Pass an Audit or b) Mitigate Risk to the Business Mitigate Risk to the Business

More information

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire Overview This pre-implementation questionnaire is designed to provide the Boston College Internal Audit Department with a general understanding

More information

AUDIT REPORT. The Department of Energy's Management of Cloud Computing Activities

AUDIT REPORT. The Department of Energy's Management of Cloud Computing Activities U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Management of Cloud Computing Activities DOE/IG-0918 September 2014 Department

More information

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

G-Cloud 7 Service Description Document. Third Party Services. Zendesk Licences 1. Zendesk Services (Consulting) 2. Nexus Pro Licences & Services 3

G-Cloud 7 Service Description Document. Third Party Services. Zendesk Licences 1. Zendesk Services (Consulting) 2. Nexus Pro Licences & Services 3 CONTENTS Zendesk Licences 1 Zendesk Services (Consulting) 2 Nexus Pro Licences & Services 3 GlobalTester Licences & Services 4 Service Clarity 5 Copyright Clearvision-CM 2015 0 ZENDESK LICENCES (HOSTED)

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

We Believe in Security with a Capital S

We Believe in Security with a Capital S Security Consulting by arvato Systems We Believe in Security with a Capital S The number of attacks on IT systems has increased dramatically in recent years, with the style and approach of such attacks

More information

All Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME

All Clouds Are Not Created Equal THE NEED FOR HIGH AVAILABILITY AND UPTIME THE NEED FOR HIGH AVAILABILITY AND UPTIME 1 THE NEED FOR HIGH AVAILABILITY AND UPTIME All Clouds Are Not Created Equal INTRODUCTION Companies increasingly are looking to the cloud to help deliver IT services.

More information

G-Cloud Big Data Suite Powered by Pivotal. December 2014. G-Cloud. service definitions

G-Cloud Big Data Suite Powered by Pivotal. December 2014. G-Cloud. service definitions G-Cloud Big Data Suite Powered by Pivotal December 2014 G-Cloud service definitions TABLE OF CONTENTS Service Overview... 3 Business Need... 6 Our Approach... 7 Service Management... 7 Vendor Accreditations/Awards...

More information

Software as a Service: Guiding Principles

Software as a Service: Guiding Principles Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially

More information

Texas Medical Records Privacy Act

Texas Medical Records Privacy Act A COALFIRE PERSPECTIVE Texas Medical Records Privacy Act Texas House Bill 300 (HB 300) Rick Dakin, CEO & Co-Founder Rick Link, Director Andrew Hicks, Director Overview The State of Texas has pushed ahead

More information

How a Cloud Service Provider Can Offer Adequate Security to its Customers

How a Cloud Service Provider Can Offer Adequate Security to its Customers royal holloway s, How a Cloud Service Provider Can Offer Adequate Security to its Customers What security assurances can cloud service providers give their customers? This article examines whether current

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

CLOUD FRAMEWORK & SECURITY OVERVIEW

CLOUD FRAMEWORK & SECURITY OVERVIEW CLOUD FRAMEWORK & OVERVIEW From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This

More information

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical

More information

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of

More information