Canvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Canvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies"

Transcription

1 Canvassing the Cloud An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies

2 Contents Foreword 1 Insights from the study 2 Defining the Cloud 3 Study results 4 General 4 Business benefits 6 Security 9 Legal 11 Risk 17 Technical 19 Background to study and respondents Roles within organisations: 3% Annual turnover of organisation: 30% 14% 37% Management Procurement IT Legal Risk / Compliance 40% 40% 150m m < 10m Chose not to answer 16% 17% 3% Geographical spread of organisation s responsibility: 3% 44% 8% 7% 14% 24% Africa Americas 12% Asia Europe Central and Eastern Europe Middle East Oceania (incl. Australia and New Zealand) Location of current / likely Cloud provider: 3% 3% 3% 3%3% 18% 45% Europe Western Europe UK Europe Western Europe non UK Americas North America Europe Central and Eastern Europe Americas South America Asia East Asia Asia South East Asia Oceania (incl. Australia and New Zealand) Don t know The online study was conducted over a 6 week period (closing May 2012)

3 1 Foreword In the space of just a few years, Cloud computing has gone from a strange and unfamiliar technology to an innovative force that is changing the way suppliers and customers are using IT. To further understand how organisations have successfully realised the benefits of Cloud computing and explore the current perceived legal and technical risks to adopting Cloud services, Eversheds LLP and PA Consulting Group joined forces to undertake a study of a collection of senior business leaders including CFOs, General Counsel and other in-house counsel and IT heads the headline results of which are set out in this report. We hope you find the contents of the report useful and thought-provoking and we would welcome any comments on the findings. For further information, please contact: Charlotte Walker-Osborn Partner and Head of TMT Sector Eversheds LLP Direct: Mob: Conrad Thompson Partner PA Consulting Group Direct: Mob:

4 2 Insights from the study 1. Legal issues are still perceived as a significant barrier to adoption of the cloud. 2. The standard and/or negotiated contractual documentation which is entered in to does not always match the Cloud offering being purchased. 3. The technical challenges of adopting Cloud have largely been solved, yet organisations commercial and business models are not always optimised to achieve the full benefits. 4. The management style of Cloud contracts hasn t evolved from the management of traditional IT services, resulting in the loss of benefits and innovation potential of the Cloud. 4. The language between service providers and business customers can be misunderstood, with some providers focusing on the technical capabilities and perceived benefits without always recognising the commercial and business challenges.

5 3 Defining the Cloud Cloud is a flexible way of consuming managed computing services. There are various models and service definitions but, in this study, we focus only on Enterprise Cloud services. Enterprise Cloud has the following attributes from a user perspective: Shared resources (hosting, storage, , collaboration services, helpdesk); Delivered and managed by someone else (i.e. not the user s organisation); Easy to access from a modern user interface such as a browser or applet; Meets the functional and capacity needs of the individual or business; Always on (with apparent 100% availability) and is accessible anywhere from any device; Implicitly secure; Delivers consistent and dependable performance; and Contracted on a Pay-As-You-Go (PAYG) basis. Do you agree with our definition? 30% 60% Yes No Don t know Why do you say that?...the definition is what we d like Enterprise Cloud to be but I m not convinced it s there yet. Not all Cloud providers will give pure PAYG, private Cloud may require start up investment. It gives true flexibility of service provision. Not sure about the security aspect... I agree with most statements, but not that it is implicitly secure or always on....there are very few providers that have actually made the transition to pay-asyou-go - most are still licensing by seat.

6 4 Study results General G1. Does your organisation already use Cloud services? 17% 43% Yes, widespread use Yes, occasional use No 40% G2. How likely is it that you will procure Cloud services in the next 12 months? 8% 8% 15% 15% 54% Very unlikely Unlikely Neither likely or unlikely Likely Very likely

7 5 G3. What are the key barriers to the adoption of Cloud for your organisation? Obtaining necessary customer consent 9% Reliability / availability Increased dependency on supplier Loss of control of IT management processes Degree of internal organisational change to realise benefits Negative publicity / bad PR when things go wrong 18% 18% 18% 18% 18% Political restrictions Promised savings can t actually be realised 27% 27% Lack of portability on exit Legal restrictions Existing application performance, if hosted remotely 36% 36% 36% Regulatory restrictions Cloud services maturity and market adoption 45% 45% Security of the data 64% 0% 20% 30% 40% 50% 60% 70% *respondents were able to choose multiple options A sample of respondents choosing political restrictions as a barrier, gave the following examples: Lack of exposure, experience and trust in Cloud services NHS organisations are governed by an IT toolkit by which all NHS organisations must conform Loss of control A sample of respondents choosing legal restrictions as a barrier, gave the following examples: Data protection and remote hosting Regulatory issues in certain EMEA jurisdictions regarding how some business records must be kept (in territory and in hard copy) Dealing with a lot of personal and commercial information A sample of respondents choosing regulatory restrictions as a barrier, gave the following examples: Some countries require that all business data is hosted within that country - typically no Infrastructure as a Service (IaaS) services are available locally Health records are geographically restricted to where they can be stored

8 6 Business benefits B1. What business benefits have you realised from implementing the Cloud? Lower headcount 14% Internal IT department focus on business challenges / strategic proje.cts 21% Improved service levels 29% Reduced reliance on internal technical expertise Reduction in un-supported technology 36% 36% New capabilities Increased delivery agility 50% 50% Lower cost 64% Scalability 71% 0% 20% 30% 40% 50% 60% 70% 80% *respondents were able to choose multiple options B2. How do you measure and ensure your Cloud solutions deliver on your objectives? 60% 56% 50% 50% 44% 40% 38% 30% 25% 20% 19% 6% 0% Service level report User satisfaction survey Cost savings Management meetings Audit Payment of service credits for non-achievement of SLAs Not measured *respondents were able to choose multiple options

9 7 B3. To what extent have you achieved the expected benefits and how have you measured these? Still defining measures / KPIs Not measured / tracked Cloud adoption has not been as beneficial as expected Evidence of tangible benefits equal to or greater than expected Benefits realised but most of benefits are non-tangible 20% 20% Benefits delivered close to expected, but lack of evidence to support the benefits 30% 0% 5% 15% 20% 25% 30% B4. What does your Cloud contract pricing model include? Capped Burst Capacity Minimum monthly service payment Prices reduce with usage volume Transparent pricing Definitely not included Sometimes included Definitely included Don t know Pure PAYG on demand Costs to stop / exit Cloud services Costs to start up Cloud services 0% 20% 30% 40% 50% 60% 70% 80% 90% 100% *respondents rated on a scale of 1-3 (where 1 is low/not included and 3 is high/included) or answered Don t know

10 8 B5. How do you evaluate and assess the services offered by your Cloud service provider? 40% 40% 35% 30% 25% 20% 22% 22% 15% 6% 5% 0% Benchmark vendor services against the services offered by its closest competitors Conduct a gap analysis between vendor services and services offered by in-house IT / outsourced on-site service provider Benchmark vendor services against industry best practices Don t know Accept the standard package offered by the vendor

11 9 Security S1. What are the top 3 concerns, in order of importance, for your security teams? Patching Regulatory / legal concerns Data segregation policies Server Security Back-up / Replication policies 3rd priority 2nd priority Top priority Network Security Encryption Physical Security 0% 20% 40% 60% 80% 100%

12 10 S2. To what extent would you require Cloud vendors to tailor their security processes and controls? 50% 44% 40% 32% 30% 20% 12% 4% 4% 4% 0% To my requirements in key cases only Completely or mainly customised to meet my organisation s internal security requirements Not particularly concerned, as long as the supplier can demonstrate industry best practice Not particularly concerned, as long as we can audit processes and controls Proportionately Don t know A sample of respondents choosing to my requirements in key cases only, gave the following examples: New physical servers SSO Federated ID Management Central Claims via SMAL assertions Industry regulation IL3 Secure encryption Geographical ring-fencing Storage of data on and off shore Customer data PCI DSS compliance FSA obligations Safe harbour data management for US / overseas servers Golden server images Evaluation v commercial Privacy legislation

13 11 Legal L1. Would EU (or other) data protection compliance concerns stop you from using a Cloud service? 50% 50% 40% 38% 30% 28% 25% 20% 21% 0% If data location non-eu / EEA based or not in a location deemed safe under data protection laws If personal data Possibly For high risk data Always *respondents were able to choose multiple options Of respondents confirming EU data protection is a concern, risks are regarded as: Data compromise or security breaches (85% of respondents) Damage to reputation (69% of respondents) Fines, enforcement action, claims for non-compliance (58% of respondents) Business disruption (38% of respondents) Patriot Act, foreign Authority, litigation discovery access or seizure (38% of respondents) *respondents were able to choose multiple options

14 12 L2. Which types of data would you be uncomfortable with being hosted by a Cloud provider? Others Procurement information Protectively marked materials Corporate file shares / general storage of documentation Corporate Company financial projections Company core financial data Information on business customers Customer information / data where customers are consumers HR / payroll information regarding staff E-discovery data for litigation Roll out plans / business plans Patents and other product development data 0% 20% 30% 40% 50% 60% 70% 80% 90% 100% Don t know With the data being hosted outside of the EU / EEA* With the data being hosted externally by any cloud provider *or in any country that was not deemed safe under relevant data protection laws

15 13 L3. What types of Cloud services would you be prepared to unconditionally agree to in the supplier s standard terms and conditions? External payment services Development and test infrastructure environments 18% 18% 18% Internal-facing websites / portals Customer-facing websites / portals Production infrastructure environments 24% 24% 24% SaaS for regulated applications 29% Established SaaS applications 35% External information feeds 76% 0% 20% 30% 40% 50% 60% 70% 80% *respondents were able to choose multiple options L4. What level of contractual liability protection against loss best describes what you would expect from a Cloud supplier before signing up? 35% 32% 30% 27% 25% 20% 15% 14% 12% 5% 5% 5% 5% 0% Liability to cover likely losses and their likely value Unlimited liability *respondents were able to choose multiple options Upfront service level agreement with pre-agreed sum Limited liability to a maximum of charges in last 12 months Limited liability to cost of services across the life of a deal Monetary cap for breaches expected to be much lower than likely monetary loss Other

16 14 L5. Your Cloud service(s) experiences an outage (so that the Cloud service could not be accessed or used for a period of time) what contractual comfort would you expect to be written in to your contract (without which you would not sign up)? You would accept paying a termination fee to exit the Agreement, regardless of the reason 6% Right to terminate the contract quickly and without charge, if there is one significant outage 15% Service credit payable, which fully or significantly recompenses your business for its losses 18% Service credit payable, accepting this will not fully recompense your business for its losses 21% Right to terminate the contract quickly and without charge, if there are a number of outages in any month exceeding a set period 40% 0% 5% 15% 20% 25% 30% 35% 40% A sample of respondents choosing the right to terminate the contract quickly and without charge in the event of one significant outage gave the following examples as significant : Any loss of capability resulting in any patient safety issues, negative financial issues or damaging to our reputation. 24 hours is maximum. A sample of respondents choosing the right to terminate the contract quickly and without charge in the event of a number of outages in any month exceeding a set period, gave the following examples: 3 periods in a row or any 4 periods in a 6 month period. Depends on severity. Once is too much... A sample of respondents choosing to expect a decent service credit payable that fully or significantly recompenses your business for its loss, gave the following percentages of the monthly or annual service charge they would expect to claim: Should be on a pro-rata basis I.e. 7 days outage = 25% of monthly charge. Full credit for period of non use. A sample of respondents choosing to expect a decent service credit payable accepting that this will not fully recompense your business for its loss, gave the following percentages of the monthly or annual service charge they would expect to claim: 100% of cost from downtime plus financial loss (if applicable). Sliding scale on severity and down time. Respondents choosing to accept paying a termination fee, 25% is the expected level of termination fee.

17 15 L6. Your Cloud service(s) experiences an outage (so that the Cloud service could not be accessed or used for a period of time) what are your expectations in relation to service restoration? 6% 6% 6% 17% 65% All critical data restored within 4 business hours (with the rest of the data restored within a number of business days) All data restored within 4 business hours All critical data restored within 1 business day (with the rest of the data restored within a number of business days) All data restored within 1 business day Lower expectations than any of the above but expect a reasonable endeavours commitment from supplier to restore as soon as reasonably possible L7. How do you measure that the key legal protections and business benefits of Cloud solutions are being met? 34% 33% Annual audit Monthly service level reports Other 33% L8. Do you have insurance to cover data losses under your Cloud contract? 4% 14% 32% 50% No Don t know Yes, capped Yes, unlimited

18 16 L9. Are you comfortable signing up to a Cloud contract that is not subject to the law in the jurisdiction in which your organisation is registered? 20% Uncomfortable Comfortable 80% L10. What dispute resolution clause provisions would you insist on being included in your Cloud contract? 80% 80% 70% 60% 60% 60% 50% 40% 30% 20% 20% 0% Escalation provisions Court located in the jurisdiction that matches the law of the contract Court located in customer s location Mediation *respondents were able to choose multiple options

19 17 Risk R1. Which risk factors are most important when adopting a specific new Cloud service? Mature and transparent currency market Stable political and legislative environment Number of other Cloud services operating in that jurisdiction Restrictions / limitations on the ability of third parties to access data Most important 2nd 3rd 4th 5th Least important Strength of local applicable Data Protection / privacy laws Performance and reliability of communications 0% 20% 30% 40% 50% 60% 70% 80% 90% 100% *respondents rated on a scale of 1-6 (where 1 is most important and 6 is least important) A sample of respondents also commented: Performance and reliability is critical, but only relevant if the supplier is operating from a base of robust data protection laws and political stability free from endemic corruption/espionage....the service has to work in the first place so performance is critical, as is knowing the risk of changes that may affect access to the data. Security and the political environment are key...

20 18 R2. What risks would you seek to mitigate in your Cloud computing contract? Lack of recompense Data loss Lack of full functionality Clarity of service Most important 2nd 3rd 4th Least important Downtime / lack of availability 0% 20% 30% 40% 50% 60% 70% 80% 90% 100% *respondents rated on a scale of 1-6 (where 1 is most important and 6 is least important) A sample of respondents also commented: Lack of functionality will prevent us achieving our main objectives and bring a halt to all activity within our organisation. Recompense can always be addressed post-incident. Industry regulations - if data is lost, all or most of our investment is gone. Loss of data will impact more materially than downtime business reputation and thus performance.

21 19 Technical T1. Do any of your Cloud services involve data moving across regional boundaries for back-up or disaster recovery purposes? 5% 20% 55% No Don t know Yes (including personal data, and will involve leaving EEA*) Yes (including personal data and not involving exiting EEA*) Yes (non-personal data only) *or in any country that was not deemed safe under relevant data protection laws T2. Compared with your non-cloud Disaster Recovery environment, what does your contract provide you with? 35% 15% 15% 35% Better Same Worse Don t know T3. How is your team best equipped to respond to the challenges raised by the Cloud? Service desk 18% Service integration 27% Demand management Business relationship management 36% 36% Sourcing and vendor management Monitoring Risk and security Strategy and architecture Performance management 45% 45% 45% 45% 45% 0% 20% 30% 40% 50% *respondents were able to choose multiple options

22 20 T4. In the event of a total disaster (e.g. Data Centre destruction) what does your supplier offer? 30% 50% I don t know Full functionality restored No restore Tiered priority restores for critical services only T5. What features are included in your Cloud contract? Parts of the service are sub-contracted, e.g. burst capacity Technology refresh performed automatically with no service interruption Included 2nd Not included Instant access to world-class innovations 0% 20% 30% 40% 50% 60% 70% 80% 90% 100% *respondents rated on a scale of 1-3 (where 1 is low/not included and 3 is high/included) or answered Don t know

23

24 Eversheds LLP Eversheds LLP is a limited liability partnership. ETMT.015

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions Financial Conduct Authority Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions Introduction 1. A firm has many choices when designing its operating model

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Building trust in the cloud. Alastair McAulay PA Consulting Group

Building trust in the cloud. Alastair McAulay PA Consulting Group Building trust in the cloud overcoming the inhibitors Alastair McAulay PA Consulting Group PA Knowledge Limited 2011. 2 Introduction Introduction to Alastair McAulay 25 year s experience in the IT Services

More information

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler Cloud computing Alessandro Galtieri, Senior Lawyer, Colt Technology Services, London, UK Pavel Klimov, General Counsel EMEA, Unisys, London, UK Severin Loeffler, Assistant General Counsel, Central Eastern

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

OUTSOURCING REGULATIONS IN THE BANKING AND INSURANCE INDUSTRIES IN ASIA PACIFIC

OUTSOURCING REGULATIONS IN THE BANKING AND INSURANCE INDUSTRIES IN ASIA PACIFIC OUTSOURCING REGULATIONS IN THE BANKING AND INSURANCE INDUSTRIES IN ASIA PACIFIC Bridging Borders Webinar Series 1 Welcome Welcome You are on mute A link to a recording of the webinar will be available

More information

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham The dynamic provisioning of IT capabilities, whether hardware, software, or

More information

Client Alert. Global Information Technology & Communications Privacy, Data Protection and Information Management

Client Alert. Global Information Technology & Communications Privacy, Data Protection and Information Management Global Information Technology & Communications Privacy, Data Protection and Information Management Client Alert Umbrellas for Clouds: Risk Mitigation Strategies for SaaS Transactions www.bakermckenzie.com

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Managing Outsourcing Arrangements

Managing Outsourcing Arrangements Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions

Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions Microsoft Pty Ltd Australian Financial System Inquiry: Response to request for further submissions August 2014 1 Response in relation to Chapter 9 of the Interim Report Microsoft is pleased to respond

More information

3 rd Party Vendor Risk Management

3 rd Party Vendor Risk Management 3 rd Party Vendor Risk Management Session 402 Tuesday, June 9, 2015 (11 to 12pm) Session Objectives The need for enhanced reporting on vendor risk management Current outsourcing environment Key risks faced

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

Security and Services

Security and Services Written by Maxine Holt, May 2005 TA000824SAS Technology Infrastructure Butler Group Subscription Services Security and Services TECHNOLOGY AUDIT Symantec Corporation Managed Security Service (MSS) Abstract

More information

Insights into Cloud Computing

Insights into Cloud Computing This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

CLOUD COMPUTING Jillian Raw Partner, Kennedys. http://www.kennedys-law.com/jraw/

CLOUD COMPUTING Jillian Raw Partner, Kennedys. http://www.kennedys-law.com/jraw/ CLOUD COMPUTING Jillian Raw Partner, Kennedys http://www.kennedys-law.com/jraw/ Cloud Computing- what they say about it the cloud will transform the information technology industry profoundly change the

More information

Cloud Backup Recovery and Restore Requirements

Cloud Backup Recovery and Restore Requirements Cloud Backup Recovery and Restore Requirements Ashar Baig, Asigra Chairman, SNIA Cloud Backup Recovery and Restore (BURR) Special Interest Group (SIG) SNIA Legal Notice The material contained in this tutorial

More information

Securing The Cloud With Confidence. Opinion Piece

Securing The Cloud With Confidence. Opinion Piece Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there A white paper from Fordway on CLOUD COMPUTING Why private cloud should be your first step on the cloud computing journey - and how to get there PRIVATE CLOUD WHITE PAPER January 2012 www.fordway.com Page

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

www.mtservices.co.uk MT Services Computer Systems Ltd MT Services SystemCare

www.mtservices.co.uk MT Services Computer Systems Ltd MT Services SystemCare MT Services Computer Systems Ltd MT Services SystemCare As technology continues to have a substantial business impact, having an expert IT solutions partner can significantly improve your business performance,

More information

IBM Smartcloud Managed Backup

IBM Smartcloud Managed Backup IBM Smartcloud Managed Backup Service Definition 1 1. Summary 1.1 Service Description The IBM SmartCloud Managed Backup service provides public, private and hybrid cloudbased data protection solutions

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

Why you need Cryoserver for your Office 365 cloud service

Why you need Cryoserver for your Office 365 cloud service Why you need Cryoserver for your Office 365 cloud service March 2014 FCS (UK) Ltd +44(0)800 280 0525 (EMEA) 1-866-311-1652 (US Toll Free) info@cryoserver.com www.cryoserver.com Introduction Contents Introduction...

More information

A LEGAL GUIDE TO CLOUD COMPUTING

A LEGAL GUIDE TO CLOUD COMPUTING A LEGAL GUIDE TO CLOUD COMPUTING INTRODUCTION Many companies are considering implementation of cloud computing services to decrease IT costs while providing the flexibility to scale usage on demand. The

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Ubertas Cloud Services: Service Definition

Ubertas Cloud Services: Service Definition Ubertas Cloud Services: Service Definition February 2013 Innovation. Power. Trust. Contents 1. About Ubertas... 2 Our Company... 2 Our Approach to Service Delivery... 2 Our Partner Network & the UK Cloud

More information

Proposed guidance for firms outsourcing to the cloud and other third-party IT services

Proposed guidance for firms outsourcing to the cloud and other third-party IT services Guidance consultation 15/6 Proposed guidance for firms outsourcing to the cloud and other third-party IT services November 2015 1. Introduction and consultation 1.1 The purpose of this draft guidance is

More information

Marval Software Limited. G Cloud iii Framework Service Definition

Marval Software Limited. G Cloud iii Framework Service Definition 1 Marval Software Limited G Cloud iii Framework Service Definition Page 1 of 9 2 Contents An overview of the Marval Service Management (MSM) Software Solution... 3 Information assurance Impact Level (IL)

More information

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq. Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity Amy Mushahwar, Esq. What s New? Not That Much. Some have their heads in the cloud we prefer to stay down in the weeds and know

More information

Third party assurance services

Third party assurance services TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Law Firm Outsourcing. Bradley S. Christmas Akin Gump Strauss Hauer & Feld LLP and Brad L. Peterson Mayer, Brown, Rowe & Maw

Law Firm Outsourcing. Bradley S. Christmas Akin Gump Strauss Hauer & Feld LLP and Brad L. Peterson Mayer, Brown, Rowe & Maw Law Firm Outsourcing Bradley S. Christmas Akin Gump Strauss Hauer & Feld LLP and Brad L. Peterson Mayer, Brown, Rowe & Maw August 24, 2006 0 Today s Agenda Outsourcing Overview Advantages and disadvantages

More information

A Managed Storage Service on a Hybrid Cloud

A Managed Storage Service on a Hybrid Cloud A Managed Storage on a Hybrid Cloud Business Context Sustainability Improve procurement & contract management Embrace and optimise advances in technology Environmental improvement & carbon reduction Global

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything

More information

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses.

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses. Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...

More information

CyberEdge Insurance Proposal Form

CyberEdge Insurance Proposal Form Note to the Proposer Signing or completing this proposal does not bind the Proposer, or any individual or entity he or she is representing to complete this insurance. Please provide by addendum any supplementary

More information

What is the Cloud and Saas? Introducing the Cloud and its Benefits

What is the Cloud and Saas? Introducing the Cloud and its Benefits Powerful Cloud based Accounting Software for Mid-Sized Businesses including Multiple Company Consolidation. What is the Cloud and Saas? Introducing the Cloud and its Benefits The Cloud refers to the practice

More information

How not to lose your head in the Cloud: AGIMO guidelines released

How not to lose your head in the Cloud: AGIMO guidelines released How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

Cyber and Data Security. Proposal form

Cyber and Data Security. Proposal form Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which

More information

IT OUTSOURCING SECURITY

IT OUTSOURCING SECURITY IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1 CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities

More information

RISK MANAGEMENt AND INtERNAL CONtROL

RISK MANAGEMENt AND INtERNAL CONtROL RISK MANAGEMENt AND INtERNAL CONtROL Overview 02-09 Internal control the Board meets regularly throughout the year and has adopted a schedule of matters which are required to be brought to it for decision.

More information

Secure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net

Secure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net Secure Enterprise Mobility Management White Paper: Cloud-Based Enterprise Mobility Management soti.net Background Facing a business environment of constant change and increasing complexity, enterprises

More information

The Cloud and Cross-Border Risks - Singapore

The Cloud and Cross-Border Risks - Singapore The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

August 2011. Report on Cloud Computing and the Law for UK FE and HE (An Overview)

August 2011. Report on Cloud Computing and the Law for UK FE and HE (An Overview) August 2011 Report on Cloud Computing and the Law for UK FE and HE (An Overview) Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.

More information

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

Email Archiving Benefits

Email Archiving Benefits www.sonasoft.com INTRODUCTION In this digital age, small and medium businesses (SMBs) continue to rely heavily on e mail as their primary form of business communications. This has led to a proliferation

More information

custom hosting for how you do business

custom hosting for how you do business custom hosting for how you do business 24775 League Island Boulevard Philadelphia PA 19112 gibraltarit.com 866.410.4427 Gibraltar s replicated cloud architecture and PCI/HIPAA compliant data centers provide

More information

A Guide to. Cloud Services for production workloads

A Guide to. Cloud Services for production workloads A Guide to Cloud Services for production workloads Intro Workload Requirements Matter Intro With the benefits of the cloud supported by both research and case studies, a growing number of cloud service

More information

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0 ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright

More information

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING 1. Overview and Background On 27 September 2012, the European Commission adopted a strategy for "Unleashing the potential of cloud computing in

More information

Data Privacy in the Cloud: A Dozen Myths & Facts

Data Privacy in the Cloud: A Dozen Myths & Facts Data Privacy in the Cloud: A Dozen Myths & Facts March 7-9 Washington DC Presented by: Barbara Cosgrove, Chief Security Officer, Workday, Inc. Lothar Determann, Partner, Baker & McKenzie LLP We re taking

More information

50x 2020 40 Zettabytes*

50x 2020 40 Zettabytes* IBM Global Technology Services How to integrate cloud-based disaster recovery into your existing business continuity plans Richard Cocchiara: IBM Distinguished Engineer; CTO IBM Business Continuity & Resiliency

More information

Credit Union Liability with Third-Party Processors

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

ICT managed services and cloud computing. Patrick Sefton Principal, Brightline Lawyers

ICT managed services and cloud computing. Patrick Sefton Principal, Brightline Lawyers ICT managed services and cloud computing Patrick Sefton Principal, Brightline Lawyers ICT a longer view (for context) series of disruptive revolutions 1980s: PC revolution end dominance of centralised

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase 24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk Onsite Support itg CloudBase Pro-Active managed it support services for one single cost per month covers all aspects of

More information

Software as a Service (SaaS) Online HR

Software as a Service (SaaS) Online HR Software as a Service (SaaS) Online HR Contents Service Definition... 3 An overview of the G-Cloud Service... 3 Key Service Attributes... 4 Information assurance... 4 Details of the level of backup/restore

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

Why You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc.

Why You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc. . The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Why You Should Consider Cloud- Based

More information

IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits

IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits Daniel D. Galorath, CEO Galorath Inc. Steven Woodward, CEO, Cloud Perspectives Portions Copyright Cloud Perspectives

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an

More information

Choosing a global cloud infrastructure provider

Choosing a global cloud infrastructure provider IMAGE: ANIMIND/FOTOLIA.COM Choosing a global cloud infrastructure provider Top considerations for choosing a global cloud infrastructure provider A guide for enterprises considering IaaS services, by Lisa

More information

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen

What Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word

More information

NSW Government. Cloud Services Policy and Guidelines

NSW Government. Cloud Services Policy and Guidelines NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

Cloud Services and Business Process Outsourcing

Cloud Services and Business Process Outsourcing Cloud Services and Business Process Outsourcing What security concerns surround Cloud Services and Outsourcing? Prepared for the Western NY ISACA Conference April 28 2015 Presenter Kevin Wilkins, CISSP

More information

Is your business secure in a hosted world?

Is your business secure in a hosted world? Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer

More information

WHITE PAPER. How to choose and implement your cloud strategy

WHITE PAPER. How to choose and implement your cloud strategy WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

Your guide to hosted data centres: How to evaluate potential providers

Your guide to hosted data centres: How to evaluate potential providers Your guide to hosted data centres: How to evaluate potential providers Finding the right hosted data centre More than ever, organizations require a secure, reliable and flexible data centre to meet growing

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

The Business Case for Cloud: Critical Legal, Business & Diligence Considerations

The Business Case for Cloud: Critical Legal, Business & Diligence Considerations The Business Case for Cloud: Critical Legal, Business & Diligence Considerations Presented by Janine Anthony Bowen, Esq., CIPP/US jbowen@jack-law.com (678) 823-6611 Janine Anthony Bowen, Esq., CIPP/US

More information

Investment Management Outsourcing. March 2012

Investment Management Outsourcing. March 2012 Investment Management Outsourcing March 2012 Table of Contents Section 1» Middle Office Outsourcing Defined Section 2» Current State & Likeliness to Evolve Section 3» Benefits Section 4» Why Now? Section

More information

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com GAIN CLARITY CRITICAL ISSUES Your Data in the Cloud : Benefits & Risks berrydunn.com AGENDA Defining Cloud Services Benefits and Risks Core Requirements Myths about Clouds Is Your Data in the Cloud Secure?

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information