EHR IN THE CLOUD - FINDING A BALANCE
|
|
- Bernard Dixon
- 8 years ago
- Views:
Transcription
1 1 05/12/2013 EHR IN THE CLOUD - FINDING A BALANCE Michael De Geest Central information security consultant vzw Provincialaat der Broeders van Liefde
2 2 EHR in the Cloud - introduction Find a clever way to deal with risks: - search for a methodology to handle risks - find a syntax to identify the risks -> risks have to be easy-tounderstand by the policy - pursue a scenario based risk analysis -> say what s going wrong Topics in this presentation: Insecure connections / Third party and data / Various providers / Reporting and data access / awareness of safety levels
3 3 EHR in the Cloud - insecure connections Situation: hosting of EHR in the Cloud provided by foreign hosting provider Juridical: strictly speaking, the EHR may not reside outside the walls of hospitals (this is an outdated legislation) Weakness: insufficient elaborated back-to-back SLAs between telecom providers Risk: failure of international connections due to conflicts between telecom providers
4 4 EHR in the Cloud - insecure connections Measures: 24/7 availability of network team of the hosting provider -> only this measure is not enough -> need for better measures
5 5 EHR in the Cloud - third party and data Situation: hosting van EHR in Cloud is provided by a hosting provider, that provides basic services such as data backup. Weakness: medical data is stored by the third party. The hospital has no control over the existing security measures. Risk: third party has unauthorized access to medical data from the hospital
6 6 EHR in the Cloud - third party and data Measures: - Creation of back-to-back SLAs between hospital and hosting provider - Responsibility of hospital: compliance with the back-to-back SLAs - Ability to obtain an audit of the third party
7 7 EHR in the Cloud - various providers Situation: the hosting of the EHR in the cloud is provided by a hosting provider. The actual EHR software that runs on this hosting is provided by the so called software provider (= another third party) Weakness: the software provider can claim a certificate that actually belongs to the hosting provider Risk: mistaken SLA between hospital and software provider, due to a wrong certificate claim Measures: vigilance and awareness of claiming certificates by software vendors
8 8 EHR in the Cloud - reporting and data access Situation: each hospital needs hospital-specific reports. Additionally, there is a need for direct read and write operations on the database. Weakness: - connectors that can provide read and write operations may have access to restricted data - Insufficient separation between customer data, both at the level of user access as at the level of direct SQL access to data in the database
9 9 EHR in the Cloud - reporting and data access Risks: - correct data is retrieved/edited from the wrong hospital - wrong data is retrieved/edited from the correct hospital Measures: - an independent audit is required - ask the software provider to offer better data connections. This can lead to a loss of flexibility, which in turn is a new risk. You have to make your management aware of this risk. - Foresee infrastructure to run reports against local copies of databases
10 10 EHR in the Cloud - awareness of safety levels Both the EHR and hosting provider are unaware what security measures they have to take in order to be compliant with the current guidelines (ISO guidelines and privacy commission). Current situation: - no clarity about any shortcomings - security levels of the provider and the hospital are difficult to compare - not clear under which conditions a hosting provider can obtain data access
11 11 EHR in the Cloud - awareness of safety levels What should be done: - Hosting and software provider should mutually agree on their SLAs in order to affirm the security levels of each other - the technical architecture should be clarified - The expected level of the hospital and the offered levels of the providers have to be aligned on each other. In this regard the discussions must take place in an honest way (and in advance). - Statement of Applicability = a copy of the ISO 2700X measures + adjustments to the needs, by inspecting the additional standards and the new European privacy law
12 12 Questions?
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationDaniel Field, Atos Spain. Towards the European Open Science Cloud, Heidelberg, 20/01/2016
Daniel Field, Atos Spain Towards the European Open Science Cloud, Heidelberg, 20/01/2016 SLALOM is ready to use Cloud SLAs SLALOM will take theory to practice, providing a trusted verifiable starting point
More informationPUBLIC CLOUD COMES OF AGE
50 PUBLIC CLOUD COMES Public cloud services are seeing significant uptake in the Middle East. OF AGE AFTER A LONG PERIOD OF PROMOTION AND HYPE AROUND PUBLIC CLOUD SERVICES, REGIONAL PROVIDERS REPORT THAT
More informationCloud Security: An Independent Assessent
Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More informationPolicy Outsourcing and Cloud Based File Sharing
Policy Outsourcing and Cloud Based File Sharing Version 3.1 TABLE OF CONTENTS Outsourcing Policy... 2 Outsourcing Management Standard... 2 Overview... 2 Standard... 2 Outsourcing Policy... 3 Policy Statement...
More informationEXIN Cloud Computing Foundation
Sample Questions EXIN Cloud Computing Foundation Edition April 2013 Copyright 2013 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing
More informationInformation Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
More informationContracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT
Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses
More informationBuild (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)
It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The
More informationThe Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service
The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service Introduction and overview of the workshop Alex Delis and Michael Pantazoglou, University of Athens www.sucreproject.eu
More informationPharma CloudAdoption. and Qualification Trends
Pharma CloudAdoption and Qualification Trends OurCloudExperience Numerous implementations of EDMS systems with external hosting for smaller life science clients Development of qualification strategy for
More informationHealthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte
Healthcare Data in the Cloud A Gathering Storm of Governance Erik Pupo Senior Manager, Deloitte Objectives for this Webinar Explain what the healthcare cloud really means Highlight emerging challenges
More informationCan Cloud Database PaaS Solutions Replace In-House Systems?
Can Cloud Database PaaS Solutions Replace In-House Systems? Abstract: With the advent of Platform-as-a-Service as a viable alternative to traditional database solutions, there is a great deal of interest
More informationhttp://www.guido.be/intranet/enqueteoverview/tabid/152/ctl/eresults...
1 van 70 20/03/2014 11:55 EnqueteDescription 2 van 70 20/03/2014 11:55 3 van 70 20/03/2014 11:55 4 van 70 20/03/2014 11:55 5 van 70 20/03/2014 11:55 6 van 70 20/03/2014 11:55 7 van 70 20/03/2014 11:55
More informationFundamentals for EHR Success
Fundamentals for EHR Success Angie Chew Monksfield Principal of Portfolio Lim Shih Hsien Deputy Director, Information Security Knowing the Pain Points This material contains information that is confidential
More informationTrend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard
Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified
More informationTips For Buying Cloud Infrastructure
27 Tips For Buying Cloud Infrastructure A Comprehensive list of questions to ask yourself when reviewing potential cloud providers By Christopher Wilson @chrisleewilson Table of Contents Intro: Evaluating
More informationSecurity und Compliance in Clouds
Security und Compliance in Clouds Prof. Dr. Jan Jürjens, Kristian Beckers Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de The NIST Cloud Definition Framework
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationSecure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net
Secure Enterprise Mobility Management White Paper: Cloud-Based Enterprise Mobility Management soti.net Background Facing a business environment of constant change and increasing complexity, enterprises
More informationDigital Healthcare: Author. A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider. Alex Ginzburg
: A HIPAA compliant cloud strategy. Choosing a Cloud Service Provider Author Alex Ginzburg VP of Technology, Intervention Insights, Inc. Kanda Software 200 Wells Ave, Newton, MA 02459 617-340-3850 Over
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationGenomics and the EHR. Mark Hoffman, Ph.D. Vice President Research Solutions Cerner Corporation
Genomics and the EHR Mark Hoffman, Ph.D. Vice President Research Solutions Cerner Corporation Overview EHR from Commercial Perspective What can be done TODAY? What could be done TOMORROW? What are some
More informationSAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT
SAM Benefits Overview SAM SAM is critical to managing an IT environment because effectiveness is seriously compromised when an organization doesn t know what software assets it has, where they are located,
More informationThe Risks of Cloud Computing:
The Risks of Cloud Computing: Understanding the inherent risks form cloud computing and cloud technologies K AT I E WOOD S E NIOR L E CTURE I NFORMATIONS S Y S T E MS D E PA R T MENT U NIVERSITY OF WOLVERHAMPTON
More informationBocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise. Benefits of Backup Policy Management
Bocada White Paper Series: Improving Backup and Recovery Success with Bocada Enterprise Why Policy Management Matters... 3 Data Protection Service Management: An Overview... 3 Policy Management s Role
More informationCollaboration for Big Data, Business Intelligence, and Mobile Initiatives
Collaboration for Big Data, Business Intelligence, and Mobile Initiatives Valeh Nazemoff, Acolyst Sr. Vice President Session Code BI01 Speaker Bio Specializing in enterprise business performance management
More informationArchitecting the Cloud
Architecting the Cloud Sumanth Tarigopula Director, India Center, Best Shore Applications Services 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without
More informationManaging the Shadow Cloud
Managing the Shadow Cloud Integrating cloud governance into your existing compliance program August 2014 Shadow IT is not a new concept and organizations are well aware of the risks associated with unauthorized
More informationCloud Technology Platform Enables Leading HR and Payroll Services Provider To Meet Solution Objectives
Greytip Online Cloud based HR & Payroll software Cloud Technology Platform Enables Leading 16 Snapshot Client Profile A global HR & Payroll outsourcing company. The company is in the business of delivering
More informationHIPAA Audits Are Happening. eroi
HIPAA Audits Are Happening. eroi Are You at Risk? efiling Advanced efile Form Completion Charting Host: Kathryn Ayers Wickenhauser Meaningful Use / HIPAA Compliance Consultant Kathryn.Wickenhauser@DatafileTechnologies.com
More informationRetention & Disposition in the Cloud Do you really have control?
InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October
More informationBring Your Own Devices (BYOD) Information Governance Guidance
Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations wishing to enable the use of Bring Your Own
More informationIT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED: LESSONS LEARNED
CONTRALORIA GENERAL DE LA REPUBLICA DE COSTA RICA 5TH PERFORMANCE AUDITING SEMINAR INTOSAI STANDING COMMITTEE ON IT AUDIT MAJOR THEME: IT GOVERNANCE IT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED:
More informationManual Penetration Testing for ContractPal
Manual Penetration Testing for ContractPal Customer Background ContractPal, Inc. is a SaaS Business Process Outsourcing (BPO) company that has been offering its services and custom applications to a wide
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationSecurity and Compliance in Clouds: Challenges and Solutions
Security and Compliance in Clouds: Challenges and Solutions Prof. Dr. Jan Jürjens Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de This Talk What are the challenges?
More informationRefresher on cloud computing
Refresher on cloud computing Cloud computing is a form of outsourcing where the organization outsources data processing to computers owned by the vendor. Outsourcing may also include utilizing the vendor
More informationData Privacy and Security for Market Research in the Cloud
Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?
More informationCloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World
Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com
More informationDigital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager
Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with
More informationFour Goals of Certification
Mission CCHIT is an independent, nonprofit organization with the mission of accelerating the adoption of robust, interoperable health IT by creating an efficient, credible certification process 2008 Slide
More informationIT Governance Regulatory. P.K.Patel AGM, MoF
IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation
More informationHow to Guide for Cloud Processing and Outsourcing: ISO Compliant - Including ISO 31000-2015 Edition
Brochure More information from http://www.researchandmarkets.com/reports/3302002/ How to Guide for Cloud Processing and Outsourcing: ISO Compliant - Including ISO 31000-2015 Edition Description: The need
More informationInteroperability & Portability for Cloud Computing: A Guide. http://www.cloud-council.org/cscc-cloud-interoperability-and-portability.
Interoperability & Portability for Computing: A Guide http://www.cloud-council.org/cscc--interoperability-and-portability.pdf December, 2014 The Standards Customer Council THE Customer s Voice for Standards!
More informationTable 1 Question Answer Explanation Next Question 1. Sensitive data?
The decision tree shown in Figure 1 is useful to facilitate the decision making process of a cloud deployment model. For each question in Figure 1, refer to the explanation in Table 1. While there are
More informationBest Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP
Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII
More informationRISK. Outsourcing Risk Management How to Focus on Controlling and Managing IT Vendors under RBI Guidelines
August 31 September 2, 2015 Programme on Outsourcing Risk Management How to Focus on Controlling and Managing IT Vendors under RBI Guidelines Coordinator Prof Sunil Bakshi RISK National Institute of Bank
More informationCloud Computing in GxP Environment
Cloud Computing in GxP Environment Kathy Gniecko Hoffmann LaRoche 3rd April 2014, Stevenage 1 Introductions 18 years Experience in Pharma across all aspects of CSV. Prior to CSV experience in Pharma Research,
More informationCloud Service Contracts: An Issue of Trust
Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationPublic Cloud Workshop Offerings
Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those
More informationWhy Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it
The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.
More informationContents. Procedures. Chapter 400 Trading. Page. 401 Trading Through the Trading System... 400-1
Contents Procedures Chapter 400 Trading Thailand Futures Exchange Pcl. 400 Page 401 Trading Through the Trading System... 400-1 401.01 Standards of the Member s Computer System Used in the Trading... 400-1
More informationCan CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?
SOLUTION BRIEF: CA INFORMATION GOVERNANCE Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure? CA Information Governance delivers
More informationCisco Cloud Assessments. Justin Tang
Cisco Cloud Assessments Justin Tang Cisco Landscape Evolution of Cloud Assessments Performing Cloud Assessments Challenges 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Definition:
More informationManaged Desktop Support Services
managed enterprise technologies Managed Desktop Support Services MET Managed Desktop Support Service Most organisations spend lots of time and money trying to manage complex desktop environments and worrying
More informationEffectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationChecklist for a Watertight Cloud Computing Contract
Checklist for a Watertight Cloud Computing Contract Companies of all industries are recognizing the need and benefit of moving some if not all of their IT infrastructure to a Cloud whether public or private.
More informationAna Juan Ferrer Cloud Forward 2015, 07/10/2015
Ana Juan Ferrer Cloud Forward 2015, 07/10/2015 SLALOM in a nutshell Service Level Agreement Legal and Open Model SLALOM s principal objeccve is to create a Service Level Agreement (SLA) reference model
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationMobile applications and compliancy: what you should know. March 2016
Mobile applications and compliancy: what you should know March 2016 1 Mobile applications and compliancy: what you should know Skyping with somebody on the other side of the world via a smartphone, or
More informationCloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority
Cloud Security Standards Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority Introduction Sign Off December 2012 Information Technology Authority
More informationCloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015
Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015 James B. Wieland, Principal, Ober Kaler David Holtzman, VP of Compliance, CynergisTek Welcome The slides
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationMaking Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled
Making Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled Government Conference & Expo September 22, 2011 Disclaimer This
More informationBECOME A SMARTER CLOUD CONSUMER
Kurt Hagerman Chief Information Security Officer BECOME A SMARTER CLOUD CONSUMER Ripping through the Rhetoric to Find Your Cloud & Control Your Risk 05/18/2015 ABOUT KURT HAGERMAN Kurt Hagerman Chief Information
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationA Note on the Security in the Card Management System of the German E-Health Card
A Note on the Security in the Card Management System of the German E-Health Card Marcel Winandy (Ruhr-University Bochum) 3rd International ICST Conference on Electronic Healthcare for the 21st Century
More informationTHE DOMESTIC SURVEY AND THE CONSEQUENT RECOMMENDATIONS
OVERSIGHT RECOMMENDATIONS ON BUSINESS CONTINUITY BACKGROUND OF THE DOMESTIC SURVEY Unexpected incidents worldwide have focused the attention of the financial sector, including the participants of the domestic
More informationCloud Computing Contract Clauses
Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security
More informationESKISP6046.02 Direct security architecture development
Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable
More informationDriveHQ Security Overview
DriveHQ Security Overview Based in Silicon Valley, DriveHQ was the first company to offer Cloud IT Solution. We have over one million customers from all over the world and across many industries. We have
More informationAPPLYING LESSONS LEARNED TO FEDERAL CLOUD COMPUTING
APPLYING LESSONS LEARNED TO FEDERAL CLOUD COMPUTING WHAT DO FEDERAL LEADERS THINK OF THEIR AGENCIES PROGRESS IN IMPLEMENTING CLOUD COMPUTING, AND WHAT CAN AGENCIES DO TO OVERCOME THEIR ONGOING OBSTACLES?
More informationOperations and Network Center (CORE)
Operations and Network Center (CORE) Get to know us The Operations and Network Center (CORE) is the cornerstone in Informatica ECI's strategy for the provision of managed information technology services.
More informationAudit of the programme performance management in DPKO
ANNEX I AUDIT RECOMMENDATIONS Audit of the programme performance management in DPKO Rec. no. Recommendation 1 DPKO should further refine its logical framework to ensure that: (a) indicators of achievement
More informationACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire
ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire Overview This pre-implementation questionnaire is designed to provide the Boston College Internal Audit Department with a general understanding
More informationSECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING
SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no
More informationNovember 12, 2015. I.T. Change Management Why Bother?
November 12, 2015 I.T. Change Management Why Bother? Why do it? The true intent of your I.T. Change Management process is to: a) Pass an Audit or b) Mitigate Risk to the Business Mitigate Risk to the Business
More informationAUDIT REPORT. The Department of Energy's Management of Cloud Computing Activities
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Management of Cloud Computing Activities DOE/IG-0918 September 2014 Department
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationCloud Computing in a GxP Environment: The Promise, the Reality and the Path to Clarity
Reprinted from PHARMACEUTICAL ENGINEERING THE OFFICIAL TECHNICAL MAGAZINE OF ISPE JANUARY/FEBRUARY 2014, VOL 34, NO 1 Copyright ISPE 2014 www.pharmaceuticalengineering.org information systems in a GxP
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationG-Cloud Big Data Suite Powered by Pivotal. December 2014. G-Cloud. service definitions
G-Cloud Big Data Suite Powered by Pivotal December 2014 G-Cloud service definitions TABLE OF CONTENTS Service Overview... 3 Business Need... 6 Our Approach... 7 Service Management... 7 Vendor Accreditations/Awards...
More informationG-Cloud 7 Service Description Document. Third Party Services. Zendesk Licences 1. Zendesk Services (Consulting) 2. Nexus Pro Licences & Services 3
CONTENTS Zendesk Licences 1 Zendesk Services (Consulting) 2 Nexus Pro Licences & Services 3 GlobalTester Licences & Services 4 Service Clarity 5 Copyright Clearvision-CM 2015 0 ZENDESK LICENCES (HOSTED)
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationWe Believe in Security with a Capital S
Security Consulting by arvato Systems We Believe in Security with a Capital S The number of attacks on IT systems has increased dramatically in recent years, with the style and approach of such attacks
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationPublic Cloud Service Agreements: What to Expect & What to Negotiate. April 2013
Public Cloud Service Agreements: What to Expect & What to Negotiate April 2013 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide customer-led guidance to the multiple
More informationHow a Cloud Service Provider Can Offer Adequate Security to its Customers
royal holloway s, How a Cloud Service Provider Can Offer Adequate Security to its Customers What security assurances can cloud service providers give their customers? This article examines whether current
More informationCLOUD FRAMEWORK & SECURITY OVERVIEW
CLOUD FRAMEWORK & OVERVIEW From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This
More informationHow To Choose A Cloud Computing Solution
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
More informationSATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks
SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical
More informationA Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
More information