Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT
|
|
|
- Jared Cole
- 8 years ago
- Views:
Transcription
1 Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT
2 Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses in various industries. These opportunities raise some important privacy issues, as a result of third party service providers having access to data, particularly in sectors such as healthcare, financial services and education. What limits should be placed on Cloud Service Provider ( CSP ) use of this data? What is required under national and local laws? Recent surveys highlight that data mining of data for advertising or marketing purposes is a key concern among data subjects Policy-makers, administrators of various institutions and organizations, CIOs should ensure that IT service providers protect data subject privacy and refrain from commercial uses of their data.
3 Scary invasion of privacy
4 Privacy - Data Protection Basics The employee or customer of the cloud customer Customer Microsoft
5 What to consider before selecting a Cloud Service Provider Know your cloud service provider Research provider s track record on privacy and security Understand provider s business model and assess whether your data is likely to be used or mined for a secondary purpose Place clear contractual restrictions. Include contract clauses that: Allow provider to use customer data only to operate the service Prohibit use of customer data for advertising and marketing purposes Require provider to maintain appropriate administrative, physical and technical safeguards Require provider to comply with applicable privacy laws
6 Frameworks impacting Cloud Services
7 Questions to Ask Cloud Service Providers How will you use our data which we store in or transmit across the cloud services you are operating? Is our data segregated and stored separately from the data related to your consumer cloud offerings? Will you agree to contractual provisions that restrict your use of our data to only uses necessary to operate the contracted services, including provisions that specifically prohibit mining or use of our data for any purposes related to marketing or advertising? Identify baselines requirements such as Data Protection Legal Provisions or ISO Certifications that can be a measure for whether a cloud service provider has implemented rigorous security and data protections.
8 A recent US University study shows that schools are challenged to deal with cloud services. Cloud services are poorly understood, nontransparent, and weakly governed: only 25% of school districts inform parents of cloud services, 20% of districts fail to have policies for the use of online services, and a many districts have rampant gaps in their contract documentation, including missing privacy policies. Districts are often passive parties to cloud service contracts that are drafted by vendors and not subject to any negotiations. These agreements must more directly address privacy obligations. The study recommends better contracting by schools, to prohibit sales, advertising and marketing uses of student and teacher data by cloud vendors.
9 Place clear restrictions in contracts on cloud service provider use of data. Since the CSP will have access to, and will be storing, the customer s sensitive information, the agreement should contain specific language (i) (ii) regarding the provider s obligations to maintain the confidentiality of such information; placing appropriate limitations on the provider s use of such customer information (i.e., confirming that the provider has no right to use such information except in connection with its performance under the cloud computing agreement, including specifically exclude the provider from any mining of such data. (iii) Requiring the cloud service provider to be transparent about their practices and internal policies, including compliance with local laws and meeting globally recognized standards certifications such as ISO 27001, , 27018; compliance audits by independent third parties.
10 Our position, as we state on our Trust Center, is: Your data belongs to you. Microsoft does not scan s and documents to create advertisement products We back that statement up with contractual provisions that limit how we can use or store data. Microsoft will only use customer data for the purpose of fulfilling its duties under the Agreement, which includes providing the Cloud Services in Office 365 or Azure for Customer s and its End Users benefit. The Office 365 or Azure Services will not use Customer Data for any advertising or other commercial purpose of Microsoft or any third party. Microsoft firmly believes advertising and marketing uses of personal data should not be permitted by service providers. Further, contracts with institutions such as schools should state these concepts in clear and unambiguous terms.
The problem of cloud data governance
The problem of cloud data governance Vasilis Tountopoulos, Athens Technology Center S.A. (ATC) CSP EU Forum 2014 - Thursday, 22 nd May, 2014 Focus on data protection in the cloud Why data governance in
Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
Achieving Data Privacy in the Cloud
Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute
Cloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
Microsoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions
Microsoft Pty Ltd Australian Financial System Inquiry: Response to request for further submissions August 2014 1 Response in relation to Chapter 9 of the Interim Report Microsoft is pleased to respond
Cloud Governance is more than Security. Cloud Law or Legal Cloud?
more than Security Cloud Law or Legal Cloud? more than Security Governance principles more than Security Governance principles 1. Context definition Which organisation/ structure? Which roles and responsibilities?
Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security
Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)
How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015
How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy
Digital Healthcare: Author. A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider. Alex Ginzburg
: A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider Author Alex Ginzburg VP of Technology, Intervention Insights, Inc. Kanda Software 200 Wells Ave, Newton, MA 02459 617-340-3850 Over
Report on Student Data Security in Online Assessment OHIO DEPARTMENT OF EDUCATION DECEMBER 2014
Report on Student Data Security in Online Assessment OHIO DEPARTMENT OF EDUCATION DECEMBER 2014 Page 1 Student Data Security in Online Assessment December 2014 PURPOSE OF REPORT This report responds to
TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014
TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
Office Exchange SharePoint Lync
Office Exchange SharePoint Lync Comprehensive tools to do your best work Enterprise-grade cloud services Office 365 is A HIGHLY CONFIGURABLE, but not a customizable solution. MICROSOFT DATA CENTER
Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini
Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last
CLOUD COMPUTING AND PRIVACY CURRENT PRACTICES IN FAIRFAX COUNTY PUBLIC SCHOOLS
CLOUD COMPUTING AND PRIVACY CURRENT PRACTICES IN FAIRFAX COUNTY PUBLIC SCHOOLS JCOTS Committee Meeting November 18, 2014 Jim Siegl Technology Architect Fairfax County Public Schools AGENDA Cloud Computing
Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler
Cloud computing Alessandro Galtieri, Senior Lawyer, Colt Technology Services, London, UK Pavel Klimov, General Counsel EMEA, Unisys, London, UK Severin Loeffler, Assistant General Counsel, Central Eastern
Cloud e-mail services: Security, Compliance and Privacy. Nasos Kladakis Solutions Specialist Microsoft Hellas
Cloud e-mail services: Security, Compliance and Privacy Nasos Kladakis Solutions Specialist Microsoft Hellas Risk Management Program Overview Information Security Policy Security Privacy & Regulatory Service
Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
Information Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
HIPAA/HITECH Compliance Using VMware vcloud Air
Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the
Trust. The essential ingredient for innovation. Thomas Langkabel National Technology Officer Microsoft Germany
Trust The essential ingredient for innovation Thomas Langkabel National Technology Officer Microsoft Germany How do we understand innovation? Innovation is the conversion of knowledge and ideas into new
Cloud Storage Policy (Draft for consultation)
(Draft for consultation) Please note that this draft is under consultation with stakeholders in colleges and university services, before refinement and approval by the appropriate University Committee.
Security and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).
Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the
Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
Top Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
Our Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
Microsoft Azure. White Paper Security, Privacy, and Compliance in
White Paper Security, Privacy, and Compliance in Security, Privacy, and Compliance in Executive Summary The adoption of cloud services worldwide continues to accelerate, yet many organizations are wary
ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better
Cloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
1 SB425 2 159399-1. 3 By Senators Glover, Beason, Allen, Dial, Williams and. 4 Hightower. 5 RFD: Education. 6 First Read: 04-MAR-14.
1 SB425 2 159399-1 3 By Senators Glover, Beason, Allen, Dial, Williams and 4 Hightower 5 RFD: Education 6 First Read: 04-MAR-14 Page 0 1 159399-1:n:02/28/2014:PMG/tan LRS2014-1091 2 3 4 5 6 7 8 SYNOPSIS:
Cloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
Standard: Application Service Provider Security Requirements
Standard: Application Service Provider Security Requirements Page 1 Executive Summary SJSU has the option to select and contract with approved 3 rd parties, application service providers, services and
A Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
Hot Topics in IT. CUAV Conference May 2012
Hot Topics in IT CUAV Conference May 2012 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
Article 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
ISO/IEC 27018 Safeguarding Personal Information in the Cloud. Whitepaper
ISO/IEC 27018 Safeguarding Personal Information in the Cloud Whitepaper Summary The protection of private information has never been a higher priority. Many national and international bodies, including
I. EXECUTIVE SUMMARY. Date: June 30, 2015. Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services
Date: June 30, 2015 To: Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services From: Craig Trujillo, CPA, Deputy Chief Auditor CST Tele: Office 860-757-9952 Mobile 860-422-3600 City
Acquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
Trust in the Cloud Legal and Regulatory Framework
Trust in the Cloud Legal and Regulatory Framework Cloud Security Alliance San Francisco, CA February 26, 2014 Francoise Gilbert, JD, CIPP Managing Director IT Law Group 2014 IT Law Group All Rights Reserved
Microsoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
Protecting Data and Privacy in the Cloud
Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering
Richard Gadsden Information Security Office Office of the CIO Information Services
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO Information Services Sharon Knowles Information Assurance Compliance MUSC Medical Center
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
Information Technology Security Program
Information Technology Security Program Office of the CIO December, 2008 1 AGENDA What is it? Why do we need it? An international Standard Program Components Current Status Next Steps 2 What is It? A Policy
State of South Carolina Policy Guidance and Training
DRAFT For Discussion Purposes Only State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Information Systems (IS) Acquisitions, Development, and Maintenance Policy April/May
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
Security & privacy in the cloud; an easy road?
Security & privacy in the cloud; an easy road? A journey to the trusted cloud Martin Vliem CISSP, CISA National Security Officer Microsoft The Netherlands mvliem@microsoft.com THE SHIFT O L D W O R L D
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren
Lots of clouds: a stormy weather for information privacy?
Lots of clouds: a stormy weather for information privacy? Michel Jaccard Sylvain Métille Web idest.pro Twitter @idestavocats Introduction Purpose: know what you do, why you do it, the risks and the best
Securing the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
Cloud Computing. Report No. OIG-AMR-74-14-03. UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General.
UNITED STATES GOVERNMENT National Labor Relations Board Office of Inspector General Cloud Computing Report No. OIG-AMR-74-14-03 October 21, 2014 CONTENTS EXECUTIVE SUMMARY... 1 BACKGROUND... 2 OBJECTIVE,
Review of Cloud Risks: What if
Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)
Healthcare Organizational Needs
Healthcare Organizational Needs My company wants to improve the quality of our care, maximize our financial position and explore new market opportunities Health IT projects need to facilitate clinical
Hans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
Auditor General s Office. Governance and Management of City Computer Software Needs Improvement
Auditor General s Office Governance and Management of City Computer Software Needs Improvement Transmittal Report Audit Report Management s Response Jeffrey Griffiths, C.A., C.F.E Auditor General, City
Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1
Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
Cloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone Parent Teacher Online
Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland
Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of
Cloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing
How to Use the Federal Risk and Authorization Management Program (FedRAMP) for Cloud Computing Warren S. Udy, CISSP Senior Cyber Security Advisor Office of Cyber Security 301-903-5515 warren.udy@hq.doe.gov
Data Governance Update. BOE workshop January 30, 2014
Data Governance Update BOE workshop January 30, 2014 IT Leadership Brett Miller, Chief Technology Officer Dave Reid, Director Enterprise Application Architecture Chris Paschke, Manager Information Security
ISO 9001:2015 Internal Audit Checklist
Page 1 of 14 Client: Date: Client ID: Auditor Audit Report Key - SAT: Satisfactory; OBS: Observation; NC: Nonconformance; N/A: Not Applicable at this time Clause Requirement Comply Auditor Notes / Evidence
Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5
Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,
Cloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
2014 NMSBA School Law Conference
2014 NMSBA School Law Conference STUDENT PRIVACY IN THE CLOUD Andrew M. Sanchez Jun Roh June 7, 2014 Student Privacy Concerns What is cloud computing? Kinds of Clouds: Public Cloud managed, owned and provided
Cloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
Information Security Operational Procedures
College Of Coastal Georgia Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides a general framework of the policy utilized by
CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES
CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES How can you better prepare and respond to cyber risks? ACE developed Loss Mitigation Services to help policyholders understand and gauge various areas
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored
5 Things to Look for in a Cloud Provider When it Comes to Security
5 Things to Look for in a Cloud Provider When it Comes to Security In This Paper Internal technology services that lack resources, rigor or efficiencies are prime candidates for the cloud Understand the
Software Licenses Managing the Asset and Related Risks
AUDITOR GENERAL S REPORT ACTION REQUIRED Software Licenses Managing the Asset and Related Risks Date: February 4, 2015 To: From: Wards: Audit Committee Auditor General All Reference Number: SUMMARY The
COMMUNICATIONS ALLIANCE LTD
COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE
Information Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
Double-Take in a HIPAA Regulated Health Care Industry
Double-Take in a HIPAA Regulated Health Care Industry Abstract: This document addresses the contingency plan and physical access control requirements of the Administrative Simplification security provision
Building Trust and Confidence in Healthcare Information. How TrustNet Helps
Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)
Risks of Hosting Practice Data on the Cloud Vs. Locally
Risks of Hosting Practice Data on the Cloud Vs. Locally Software involving the cloud is becoming ever more popular amongst health professions due to the myriad of benefits it delivers. This concept is
Seeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
IT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
Case Studies: Protecting Sensitive Data in
Case Studies: Protecting Sensitive Data in C.J. Radford Vice President, Cloud September 18, 2014 Contact: @cjrad; cradford@vormetric.com Agenda Data Security Challenges Top Considerations for Data Centric
VISP Vendor Information Security Plan: A tool for IT and Institutions to evaluate third party vendor capacity and technology to protect research data
VISP Vendor Information Security Plan: A tool for IT and Institutions to evaluate third party vendor capacity and technology to protect research data 1 Table of Contents Executive Summary... 3 Template
Cloud Computing and Data Protection Compliance - Experiences from Norway
Cloud Computing and Data Protection Compliance - Experiences from Norway PhD Thomas Olsen Legal Aspects of Cloud Computing, UiO, 27 January 2015 www.svw.no Overview Cloud Computing Introduction to EU and
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
Why you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
Type of Personal Data We Collect and How We Use It
Philips Lumify App Privacy Notice This Privacy Notice was last changed on September 1, 2015. Philips Electronics North America Corporation ("Philips") strongly believes in protecting the privacy of the
Guideline for Roles & Responsibilities in Information Asset Management
ISO 27001 Implementer s Forum Guideline for Roles & Responsibilities in Information Asset Management Document ID ISMS/GL/ 003 Classification Internal Use Only Version Number Initial Owner Issue Date 07-08-2009
Bringing Box into HIPAA Alignment. Bob Flynn & Anurag Shankar University Information Technology Services Indiana University
Bringing Box into HIPAA Alignment Bob Flynn & Anurag Shankar University Information Technology Services Indiana University Outline 1. Introduction 2. Service Partnership 3. Legal Requirements 4. Risk Management
Business 360 Online - Product concepts and features
Business 360 Online - Product concepts and features Version November 2014 Business 360 Online from Software Innovation is a cloud-based tool for information management. It helps you to work smarter with
DNV GL Assessment Checklist ISO 9001:2015
DNV GL Assessment Checklist ISO 9001:2015 Rev 0 - December 2015 4 Context of the Organization No. Question Proc. Ref. Comments 4.1 Understanding the Organization and its context 1 Has the organization
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL
Information Security Management System for Cloud Computing
ICT Innovations 2011 Web Proceedings ISSN 1857-7288 49 Information Security Management System for Cloud Computing Sashko Ristov, Marjan Gushev, and Magdalena Kostoska Ss. Cyril and Methodius University
Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy
Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management
HIPAA SECURITY RISK ANALYSIS FORMAL RFP
HIPAA SECURITY RISK ANALYSIS FORMAL RFP ADDENDUM NUMBER: (2) August 1, 2012 THIS ADDENDUM IS ISSUED PRIOR TO THE ACCEPTANCE OF THE FORMAL RFPS. THE FOLLOWING CLARIFICATIONS, AMENDMENTS, ADDITIONS, DELETIONS,