Auditing Cloud Computing and Outsourced Operations


1 Session 136: Auditing Cloud Computing and Outsourced Operations
Monday, May 7, :30 PM 5:00 PM
Mike Schiller, Director of Sales & Marketing IT, Texas Instruments
Co-Author, IT Auditing: Using Controls to Protect Information Assets

2 SPEAKER BIOGRAPHY
Mike Schiller, CISA, is the director of global server, database, and storage infrastructure at Texas Instruments (TI) and is the co-author of IT Auditing: Using Controls to Protect Information Assets (2011, McGraw-Hill). He has more than 15 years of experience in the IT audit field, including as the worldwide IT audit manager at TI and as the IT audit manager at Sabre. He is an active speaker on IT auditing at conferences such as CACS, InfoSec World, and ASUG, and has been an instructor of IT audit curriculum at Southern Methodist University. Schiller has held numerous IT leadership positions at TI, including as the director of user support, data centers, and asset management and manager of support for TI's web applications and infrastructure.

3 Agenda
- The Basics
- Vendor selection controls
- Items to include in vendor contracts
- Data security requirements
- Operational concerns
- Legal concerns and regulatory compliance
- Additional resources

4 The Basics

5 The Basics
Why outsource IT services?
- Reduce costs
- Focus on core competencies

6 The Basics
Two Categories of IT Outsourcing
- IT Systems and Infrastructure Outsourcing
  - Hiring another company to provide your IT environment (e.g. data center, servers, operating systems, applications)
  - Two sub-categories: cloud computing, dedicated hosting
- IT Service Outsourcing
  - Hiring another company to perform your IT operations functions (people and processes), e.g. help desk, PC support
  - Two sub-categories: on-site, off-site (or a hybrid)

7 The Basics
Cloud Computing Definitions
- Gartner: a style of computing that provides scalable and elastic, IT-enabled capabilities as a service to external customers via Internet technologies.
- NIST: a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
- Bottom line: Cloud computing provides IT services over the Internet in such a way that the end user doesn't have to worry about where the data is being stored, where the infrastructure is located, and so on.

8 The Basics
Characteristics of Cloud Computing (NIST)
- On-Demand Self-Service
- Broad Network Access
- Resource Pooling
- Rapid Elasticity
- Measured Service

9 The Basics
Cloud Computing Models
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)

10 The Basics
Software as a Service (SaaS)
Access the cloud provider's applications, which are running on a cloud infrastructure.
[Figure: stack diagram for Company 1 through Company 4. Dedicated per company: Data. Shared: Application, DBMS, Middleware, OS, Network, Physical. Figure copyright 2011 The McGraw-Hill Companies]

11 The Basics
Platform as a Service (PaaS)
Deploy applications you created or acquired onto the provider's cloud infrastructure, using programming languages and tools supported by the cloud provider.
[Figure: stack diagram for Company 1 through Company 4. Dedicated per company: Data, Application. Shared: DBMS, Middleware, OS, Network, Physical. Figure copyright 2011 The McGraw-Hill Companies]

12 The Basics
Infrastructure as a Service (IaaS)
Deploy and run arbitrary software, which can include operating systems and applications.
[Figure: stack diagram for Company 1 through Company 4. Dedicated per company: Data, Application, DBMS, Middleware, OS. Shared: Network, Physical. Figure copyright 2011 The McGraw-Hill Companies]

13 The Basics
Dedicated Hosting
Dedicated infrastructure provided by a third party. Examples: co-lo data center, ASP
[Figure: stack diagram for Company 1 through Company 4. Dedicated per company: Data, Application, DBMS, Middleware, OS, Network. Shared: Physical. Figure copyright 2011 The McGraw-Hill Companies]

14 The Basics
IT Systems and Infrastructure Outsourcing Model Comparisons

| Layer | Hosting | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Data | Dedicated | Dedicated | Dedicated | Dedicated |
| Application | Dedicated | Dedicated | Dedicated | Shared |
| DBMS | Dedicated | Dedicated | Shared | Shared |
| Middleware | Dedicated | Dedicated | Shared | Shared |
| OS | Dedicated | Dedicated | Shared | Shared |
| Network / Servers | Dedicated | Shared | Shared | Shared |
| Physical Data Center | Shared | Shared | Shared | Shared |

Figure copyright 2011 The McGraw-Hill Companies

15 The Basics
IT Service Outsourcing Models
- On-site
- Off-site
Other Considerations for IT Services Sourcing
- Supplemental Labor
- Offshoring

16 The Basics
IT Service Sourcing Models
- Internal employees only
- Internal employees plus supplemental labor
- Outsourced: on-site
- Outsourced: off-site
- Outsourced: on-site/off-site mix
For each of these models, you can deploy
- Onshore
- Offshore
- Onshore/offshore mix

17 The Basics
SAS 70 Reports
- Provided a standard by which service organizations (such as those that provide IT services) could demonstrate the effectiveness of their internal controls without having to allow each of their customers to come in and perform their own audit.
- Focused on internal controls over financial reporting
- Performed by certified independent service auditor
- Type 1: Description of and opinion on the design of the service organization's internal controls at a point in time
- Type 2: Also contains the results of testing regarding whether the controls were operating effectively during the period under review
- Effectively replaced by SSAE 16 in 2011

18 The Basics
Service Organization Control (SOC) Reports
- SOC 1: essentially replaces SAS 70 reports (focuses on financial controls), complete with Type 1 and Type 2 reports. Performed under SSAE 16 guidance.
- SOC 2: for non-financial controls; restricted use, for use between auditors of a service provider and their clients. Can be Type 1 or Type 2.
- SOC 3: for non-financial controls; general use, can be used by service provider to provide assurance to potential clients and for marketing purposes
- SOC 2 and 3 use predefined control criteria related to security, availability, processing integrity, confidentiality, and privacy of a system and its information

19 Test Steps

20 Test Steps
Categories:
- Preliminary
- Vendor Selection and Contracts
- Data Security
- Operations
- Legal Concerns and Regulatory Compliance
- Catch-all

21 Preliminary

22 Preliminary Test Steps
1. Request and review independent assessments (e.g. SOC reports, ISO 27001, web security certifications)
- Reduces your need to audit (and may in fact be all you're allowed to access)
- Include subcontracted functions (e.g. SaaS vendor using a co-lo data center)
- Review scope of assessment
  - Identify gaps between your control objectives and those covered by assessment
- Review results and remediation plans
- Validate qualifications of certifying company
- Validate relevance of time period covered by assessment
- If assessments don't exist, attempt to perform your own
  - Depends on the rights, influence, and relationship you have with your supplier (contract is key)
This step is most applicable to cloud computing, dedicated hosting, and offsite service outsourcing
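The assessment review above can be worked as a gap analysis. This is an added example, not part of the presentation: the party names, dates, objectives, and the 365-day staleness threshold are constructed assumptions, and the Type 1 / Type 2 distinction follows the report definitions given earlier in the deck.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Assessment:
    party: str         # vendor or subcontractor the report covers
    kind: str          # e.g. "SOC 2", "ISO 27001"
    report_type: int   # 1 = design at a point in time, 2 = tested over a period
    period_end: date   # last day covered by the report
    covers: frozenset  # control areas in the report's scope


def review_assessments(assessments, parties, objectives, audit_date, max_age_days=365):
    """Return (party, code, detail) findings for every party in scope.

    max_age_days is an assumed policy threshold, not a value from the deck.
    """
    findings = []
    for party in parties:
        reports = [a for a in assessments if a.party == party]
        if not reports:
            # Subcontracted functions with no report at all are a finding.
            findings.append((party, "MISSING", "no independent assessment"))
            continue
        tested, design_only = set(), set()
        for r in reports:
            if (audit_date - r.period_end).days > max_age_days:
                # Period covered is no longer relevant; ignore its coverage.
                findings.append((party, "STALE", f"{r.kind} ended {r.period_end.isoformat()}"))
            elif r.report_type == 2:
                tested |= r.covers
            else:
                design_only |= r.covers
        for objective in sorted(objectives):
            if objective in tested:
                continue
            # Type 1 describes design only; operating effectiveness is untested.
            code = "DESIGN_ONLY" if objective in design_only else "UNCOVERED"
            findings.append((party, code, objective))
    return findings


# Constructed sample data: a SaaS vendor, its co-lo provider, and a backup provider.
AUDIT_DATE = date(2012, 5, 7)
OBJECTIVES = {"security", "availability", "confidentiality", "privacy"}
PARTIES = ["ExampleSaaS", "ExampleColo", "ExampleBackup"]
ASSESSMENTS = [
    Assessment("ExampleSaaS", "SOC 2", 2, date(2011, 12, 31),
               frozenset({"security", "availability"})),
    Assessment("ExampleSaaS", "SOC 2", 1, date(2012, 3, 31),
               frozenset({"confidentiality"})),
    Assessment("ExampleColo", "SOC 2", 2, date(2010, 6, 30),
               frozenset({"security", "availability"})),
]

if __name__ == "__main__":
    for finding in review_assessments(ASSESSMENTS, PARTIES, OBJECTIVES, AUDIT_DATE):
        print(finding)
```

Each finding is a candidate for your own audit work or for a contract requirement at renewal.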

23 Vendor Selection and Contracts

24 Vendor Selection and Contracts Test Steps
1. Review contracts
- Your only true fallback mechanism
- Ensure they identify all pertinent deliverables, requirements, and responsibilities
- Early involvement is key here
This step is applicable to all forms of outsourcing

25 Vendor Selection and Contracts Test Steps
1. Review contracts (continued): Key elements
- SLAs
  - Availability, performance, support coverage, MTTR, other key performance indicators
- SLAs for security
  - Encryption, access to your data, data retention and destruction, security training and background checks, business continuity, support for investigations, control frameworks
- Compliance / third-party assessments
  - SAS 70, HIPAA, PCI
- Penalties for non-performance / conditions for terminating
- Right to audit clause
- Subcontracting relationships
  - Right of denial
  - Access to subcontractor's SAS 70
- NDAs
- Evidence of procurement and legal involvement
- Anything else you care about!

26 Vendor Selection and Contracts Test Steps
2. Review the vendor selection process
Key elements:
- Competitive bidding
- Predefined criteria
- Vendor financial stability
- Vendor experience and technical support capabilities
- Involvement
  - Procurement, operations, legal
- Cost analysis (TCO)
  - Startup activities
  - Hardware and related power, cooling and maintenance
  - Software and maintenance
  - Storage
  - Support (labor)
Early involvement is key here
This step is applicable to all forms of outsourcing

27 Data Security

28 Data Security Test Steps
1. Determine how your data is segregated from other customers
- Protection from other customers
- Protection from collateral damage (breaches and viruses)
- Controls depend on type of technology and outsourcing
  - Segmented networks (dedicated hosting)
  - Segregated databases (SaaS)
This step is most applicable to cloud computing and dedicated hosting

29 Data Security Test Steps
2. Evaluate usage of encryption
- Reduces risk of a breach impacting confidentiality or integrity of your data
- Review encryption in transit (e.g. SSL) and at rest
- Specify algorithm and key length in contract
- Determine how key management is performed
  - Ideally performed either by your company or by a separate vendor (providing SOD)
This step is most applicable to cloud computing, dedicated hosting, and offsite service outsourcing

30 Data Security Test Steps
3. Determine how vendor employee access to your systems and data is controlled
- Approval process
- Minimum necessary access
- SOD
- Processes for hiring and screening employees
- Security training
- Third-party relationships and interfaces
This step is most applicable to cloud computing, dedicated hosting, and offsite service outsourcing

31 Data Security Test Steps
4. Evaluate processes for controlling non-employee logical access to your internal network and internal systems
- Policies for approval and sponsorship
- Communication of company policies
- Removal of access upon termination
This step is most applicable to onsite and offsite service outsourcing plus supplemental labor

32 Data Security Test Steps
5. Ensure that data stored at vendor locations is being protected in accordance with your internal policies
- No matter where you store your data, it is still subject to your internal policies and you still have responsibility for its protection
- Ensure compliance with your data classification policy
- Encryption helps here
This step is most applicable to cloud computing and dedicated hosting

33 Data Security Test Steps
6. Review controls to prevent, detect, and react to attacks
- Intrusion Detection
- Intrusion Prevention
- Incident Response
- Discovering and Remediating Vulnerabilities
- Logging
- Patching
- Protection from Viruses and Other Malware
This step is most applicable to cloud computing, dedicated hosting, and possibly offsite service outsourcing

34 Data Security Test Steps
7. Determine how identity management is performed
- Users can end up with accounts with multiple cloud providers, each requiring a unique ID and password
  - Déjà vu
  - Leads to poor governance
  - Risk of account sharing, inconsistent password controls, poor account cleanup, employees with unnecessary access
- Look for usage of federated identity management
  - Your vendor trusts your assertion that your user has been properly authenticated.
  - Allows you to use your enterprise ID and provides benefits of centralized identity management
  - Allows you to avoid storing user credentials with vendor
- If used, ensure your internal credential data isn't made directly available to the vendor and is encrypted
- If not used, review the identity management controls over your outsourced systems to ensure they meet your policy requirements
This step is most applicable to cloud computing, particularly SaaS, and dedicated hosting, particularly of purchased applications.

35 Data Security Test Steps
8. Review data retention and destruction practices
- Should comply with internal policy
- Look for requirements regarding
  - How long data should be active
  - When and how long data should be archived
  - When data should be destroyed
- Review evidence that lifecycle requirements have been implemented
  - Concentrate especially on evidence that your vendor has destroyed data per your requirements
This step is most applicable to cloud computing, dedicated hosting, and offsite service outsourcing (if the supplier is storing your data)

36 Data Security Test Steps
9. Review and evaluate the vendor's physical security
- Physical access can override logical access controls
- Review controls such as
  - Badge readers and/or biometric scanners
  - Security cameras
  - Security guards
  - Fences
  - Lighting
  - Locks and sensors
  - Processes for granting physical access
This step is most applicable to cloud computing, dedicated hosting, and offsite service outsourcing

37 Operations

38 Operations Test Steps
1. Evaluate processes for monitoring the quality of outsourced operations
- Determine how compliance with SLAs and other contractual requirements is monitored
  - Availability
  - Performance
  - Vendor response time to support requests
  - Issue resolution time
  - Security and compliance requirements
  - Other key metrics and performance indicators
- If you don't monitor, you won't know if the vendor is delivering per your contract
- Review metrics, slides from operations reviews, corrective action plans
This step is applicable to all forms of outsourcing
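One way to recompute two of the SLA metrics named above (availability and MTTR) from raw outage records, rather than relying on vendor-reported figures. This is an added example, not part of the presentation: the outage timestamps and thresholds are constructed, and MTTR is assumed to mean total downtime divided by the number of distinct incidents (your contract's definition governs).

```python
from datetime import datetime, timedelta


def merge_windows(windows):
    """Merge overlapping or touching (start, end) outage windows."""
    merged = []
    for start, end in sorted(windows):
        if merged and start <= merged[-1][1]:
            # Overlaps the previous window: extend it instead of double counting.
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def sla_report(outages, period_start, period_end, min_availability_pct, max_mttr_minutes):
    """Compute availability and MTTR for one reporting period and flag breaches."""
    # Keep only the part of each outage that falls inside the reporting period.
    clipped = [(max(s, period_start), min(e, period_end))
               for s, e in outages if e > period_start and s < period_end]
    incidents = merge_windows(clipped)
    downtime = sum((e - s for s, e in incidents), timedelta())
    availability = 100.0 * (1 - downtime / (period_end - period_start))
    mttr = (downtime / len(incidents)).total_seconds() / 60 if incidents else 0.0
    breaches = []
    if availability < min_availability_pct:
        breaches.append("availability")
    if mttr > max_mttr_minutes:
        breaches.append("MTTR")
    return {
        "incidents": len(incidents),
        "downtime_minutes": downtime.total_seconds() / 60,
        "availability_pct": round(availability, 3),
        "mttr_minutes": mttr,
        "breaches": breaches,
    }


# Constructed sample: outage tickets for one month, including one that starts
# before the period and two that overlap each other.
PERIOD_START = datetime(2012, 4, 1)
PERIOD_END = datetime(2012, 5, 1)
OUTAGES = [
    (datetime(2012, 3, 31, 23, 30), datetime(2012, 4, 1, 0, 30)),
    (datetime(2012, 4, 3, 2, 0), datetime(2012, 4, 3, 3, 30)),
    (datetime(2012, 4, 3, 3, 0), datetime(2012, 4, 3, 4, 0)),
    (datetime(2012, 4, 17, 14, 0), datetime(2012, 4, 17, 14, 45)),
]

if __name__ == "__main__":
    # Assumed contract terms: 99.9% availability, MTTR of at most 120 minutes.
    print(sla_report(OUTAGES, PERIOD_START, PERIOD_END, 99.9, 120))
```

Summing the four tickets naively gives 255 minutes; clipping to the period and merging the overlap gives the 195 minutes the SLA calculation should use.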

39 Operations Test Steps
2. Ensure adequate disaster recovery processes are in place
Two angles to review:
- The vendor's disaster recovery procedures
  - Expect your vendor to follow sound DR practices (offsite backups, documented recovery procedures, periodic testing, HW redundancy, etc.)
- Documented procedures for how your company would recover in the event of a disaster at your vendor
  - Notification and escalation procedures
  - Hand-offs between you and vendor during recovery
  - Manual workarounds while waiting for recovery
  - Contingency plans if the vendor can't recover for extended period (or ever)
This step is most applicable to cloud computing, dedicated hosting, and offsite service outsourcing

40 Operations Test Steps
3. Review governance over engagement of new cloud services
- Cloud computing makes it easy to outsource without engaging with IT, legal, procurement, etc.
- Potential to bypass all of the governance processes normally in place to ensure proper security of company data, interoperability of systems, appropriate support capabilities
- Review policies, awareness, and enforcement practices
This step is most applicable to cloud computing

41 Operations Test Steps
4. Review plans to be used in the event of termination of the outsourcing relationship
- Should address expected or unexpected termination
- Avoid vendor lock-in
- Retain leverage to influence price and service quality
- Portability of systems and data is key
- Documented plan for bringing function in-house (or moving to another vendor)
- Identification of alternate vendors
- Interim contingency plans for keeping the business running
- Return of your data and assets
- Data delivered periodically in predefined format
- Code in escrow
This step is applicable to all forms of outsourcing

42 Operations Test Steps
5. Review the vendor's processes for ensuring quality of staff and minimizing the impact of turnover
- Documented job descriptions and minimum qualifications for each position
- Employee screening process / background checks
- Turnover protection: pipeline and cross-training
- Processes to maintain employee skills (training programs)
- Attendance monitoring
- If offshore:
  - Language training
  - Hand-off / status meetings
  - Extra emphasis on attendance monitoring
  - Local employee for monitoring and oversight
This step is most applicable to IT service outsourcing (onsite and offsite)

43 Legal Concerns and Regulatory Compliance

44 Legal and Regulatory Test Steps
1. Review your ability to obtain data needed to support investigations
- May be needed for e-discovery or internal investigations
- You're legally responsible for your information, regardless of where it's stored
- Review the contract for
  - Log requirements
  - Requirements for response time to requests
  - Defined responsibilities (who is responsible for conducting searches, freezing data, providing expert testimony)
This step is most applicable to cloud computing

45 Legal and Regulatory Test Steps
2. Review requirements for security breach notifications
- Definition of what constitutes a breach
- When and how you should be notified by vendor
- Clearly defined internal processes when notified of breach
- Contractual penalties for costs incurred
This step is most applicable to cloud computing and dedicated hosting

46 Legal and Regulatory Test Steps
3. Determine how compliance with applicable privacy laws and other regulations is ensured
- You are responsible no matter where your data is stored
- Contractual requirements for compliance with PCI, HIPAA, etc. and for external certification of compliance
- Internal process for obtaining reports, reviewing results, and tracking issues
- Contractual language specifying who is liable in the event of noncompliance
This step is most applicable to cloud computing and dedicated hosting

47 Legal and Regulatory Test Steps
4. Review processes for ensuring software license compliance
- Consider software hosted offsite or used by non-employees
- Inventory of entitlements and deployments
- Process for investigating and addressing discrepancies
This step is applicable to all forms of outsourcing

48 Catch-all

49 Catch-all Test Steps
1. Perform audit steps from normal internal audits as applicable
- The risks present for an insourced function are also present for an outsourced function
- Examples:
  - Data center physical security and environmental controls
  - Application controls (access controls, change controls, data input controls)
  - Operating system security
  - Database security
- Pick your battles
- You won't have the same level of access as you would for an internal system
  - Depends on the rights, influence, and relationship you have with your supplier (contract is key)
This step is applicable to all forms of outsourcing

50 Resources

51 Resources
- The National Institute of Standards and Technology (NIST)
  - Definitions and standards related to cloud computing
  - Guidance for secure usage
- The Cloud Security Alliance (CSA)
  - Promotes best practices for security with cloud computing
- ISACA
  - White paper on cloud computing security
- The cloud security blog
- IT Auditing: Using Controls to Protect Information Assets, Second Edition, by Chris Davis and Mike Schiller

52 Thank you!



More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

University of Pittsburgh Security Assessment Questionnaire (v1.5)

University of Pittsburgh Security Assessment Questionnaire (v1.5) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided

More information

Data Privacy, Security, and Risk Management in the Cloud

Data Privacy, Security, and Risk Management in the Cloud Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Seeing Though the Clouds

Seeing Though the Clouds Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating

More information

Security from a customer s perspective. Halogen s approach to security

Security from a customer s perspective. Halogen s approach to security September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving

More information

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors 1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance

More information

Cloud Vendor Evaluation

Cloud Vendor Evaluation Cloud Vendor Evaluation Checklist Life Sciences in the Cloud Cloud Vendor Evaluation Checklist What to evaluate when choosing a cloud vendor in Life Sciences Cloud computing is radically changing business

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham The dynamic provisioning of IT capabilities, whether hardware, software, or

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Welcome & Introductions

Welcome & Introductions Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

{Moving to the cloud}

{Moving to the cloud} {Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

The HIPAA Security Rule: Cloudy Skies Ahead?

The HIPAA Security Rule: Cloudy Skies Ahead? The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC HIPAA and the Cloud In the past several years, the cloud has become an increasingly

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses.

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses. Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...

More information

How to procure a secure cloud service

How to procure a secure cloud service How to procure a secure cloud service Dr Giles Hogben European Network and Information Security Agency Security in the cloud contracting lifecycle Can cloud meet your security requirements Choose the provider

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

PCI Compliance for Cloud Applications

PCI Compliance for Cloud Applications What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage

More information

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com

Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Cloud Security & Risk Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Agenda About Compass Overcast - Cloud Overview Thunderheads - Risks in the Cloud The Silver Lining - Security Approaches

More information

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud With Confidence. Opinion Piece Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery

More information

Wednesday, January 16, 2013

Wednesday, January 16, 2013 Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL 60654 312.832.4500 Wednesday,

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

security in the cloud White Paper Series

security in the cloud White Paper Series security in the cloud White Paper Series 2 THE MOVE TO THE CLOUD Cloud computing is being rapidly embraced across all industries. Terms like software as a service (SaaS), infrastructure as a service (IaaS),

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

The Cloud Computing Revolution: Beyond the Hype

The Cloud Computing Revolution: Beyond the Hype The Cloud Computing Revolution: Beyond the Hype KEN ADLER Partner and Chair, Technology and Outsourcing Practice Group Loeb & Loeb LLP Outsourcing in Financial Services Program October 19, 2010 Overview

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Your Platform of Choice The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing Mark Cravotta EVP Sales and Service SingleHop LLC Talk About Confusing? Where do I start?

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Supplier Security Requirements and Expectations. Baseline Requirements for all Suppliers

Supplier Security Requirements and Expectations. Baseline Requirements for all Suppliers Supplier Security Requirements and Expectations Supplier Name: Address: Respondent Name & Role: Baseline Requirements for all Suppliers Support Location: Contact Number: Supplier Profile: What is your

More information

Cloud Computing Contracts Top Issues for Healthcare Providers

Cloud Computing Contracts Top Issues for Healthcare Providers Cloud Computing Contracts Top Issues for Healthcare Providers North Carolina Bar Association Health Law Section Annual Meeting NC Bar Center Cary, North Carolina April 23, 2015 Presenters Kathryn Brucks,

More information

An Agile and Scalable Mobile Workplace

An Agile and Scalable Mobile Workplace Innovapptive Technology Thought Leadership - Executive Report An Agile and Scalable Mobile Workplace Innovapptive SAP Mobile Hosting Solutions Brief Innovapptive s SAP Mobile Hosting Solutions for SAP

More information