Enterprise Architecture Review Checklist



Similar documents
Security Overview Enterprise-Class Secure Mobile File Sharing

SaaS Security for the Confirmit CustomerSat Software

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Cloud Computing: Risks and Auditing

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Williamson County Technology Services Technology Project Questionnaire for Vendor (To be filled out withprospective solution provider)

NET ACCESS HIPAA COMPLIANT FLEXCloud

Securing the Service Desk in the Cloud

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World

Tableau Online Security in the Cloud

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

PCI Requirements Coverage Summary Table

Security from a customer s perspective. Halogen s approach to security

Cloud Security Introduction and Overview

Cloud Vendor Evaluation

Managing Cloud Computing Risk

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Client Security Risk Assessment Questionnaire

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Hosted SharePoint: Questions every provider should answer

Time to Value: Successful Cloud Software Implementation

SECURITY DOCUMENT. BetterTranslationTechnology

Ensuring the Security of Your Company s Data & Identities. a best practices guide

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

EXIN Cloud Computing Foundation

Cloud Computing. What is Cloud Computing?

Secure, Scalable and Reliable Cloud Analytics from FusionOps

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Cloud Services Overview

Appendix E to DIR Contract Number DIR-TSO-2736 CLOUD SERVICES CONTENT (ENTERPRISE CLOUD & PRIVATE CLOUD)

BMC s Security Strategy for ITSM in the SaaS Environment

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

Supplier Information Security Addendum for GE Restricted Data

ProjectManager.com Security White Paper

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cloud Security and Managing Use Risks

Clarizen Security White Paper

VIRGINIA DEPARTMENT OF MOTOR VEHICLES SECURITY ARCHITECTURE POLICY. 03/27/09 Version

Network Security Guidelines. e-governance

Security Information & Policies

THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO YOU BY INFRONT WEBWORKS.

Table of Contents. CSC CloudCompute Service Description Summary CSC 1

Retention & Destruction

Security Considerations

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Security Issues in Cloud Computing

CSC BizCloud VPE Service Offering Summary. CSC i

NCSU SSO. Case Study

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Flexible Identity Federation

PCI Requirements Coverage Summary Table

Cloud Security: The Grand Challenge

Private vs. Public Cloud Solutions

Oracle Cloud Enterprise Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5

Building A Secure Microsoft Exchange Continuity Appliance

Intel Enhanced Data Security Assessment Form

Egnyte Cloud File Server. White Paper

Is Your IT Environment Secure? November 18, Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

HC3 Draft Cloud Security Assessment

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone

SAAS MADE EASY: SERVICE LEVEL AGREEMENT

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud models and compliance requirements which is right for you?

Georgia Institute of Technology Data Protection Safeguards Version: 2.0

The Essential Security Checklist. for Enterprise Endpoint Backup

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

How To Protect Your Cloud Computing Resources From Attack

Information Technology: This Year s Hot Issue - Cloud Computing

Supplier Security Assessment Questionnaire

Software as a Service (SaaS) Requirements

Projectplace: A Secure Project Collaboration Solution

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

CLOUD SERVICES FOR EMS

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

Cherwell Software Hosted Environment

Payment Card Industry Data Security Standard

Vendor Audit Questionnaire

Security Controls for the Autodesk 360 Managed Services

ShareFile Security Overview

How To Protect Your School From A Breach Of Security

MANAGED EXCHANGE SOLUTIONS Secure, Scalable and Compliant Hosted Environments

Famly ApS: Overview of Security Processes

Remote Voting Conference

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Transcription:

Enterprise Architecture Review Checklist Software as a Service (SaaS) Solutions Overview This document serves as Informatica s Enterprise Architecture (EA) Review checklist for Cloud vendors that wish to do business with Informatica. This checklist contains questions from Informatica s Cloud Standards that cover the areas pertaining to Application, Data, Infrastructure, Integrations, Service and Support, Network / VPN, Security, and Legal. To potential Cloud Vendors, please answer the following list of questions and provide explanations for your answers. When completed, please return this completed EA Review Checklist to your Informatica contact, and please also include any and all architecture diagrams you may have that show how your solution is designed from an infrastructure perspective (web servers, app servers, database servers, load balancers, firewalls, data center locations, co-locations, physical servers, virtual servers, etc.) General Information Please answer the following general information questions for your Cloud solution. Please Explain 1. Name of solution: 2. Name of vendor: 3. Name of vendor contact: 4. Web URL of solution: 5. Description of the solution: 6. General Company information: Company Headquarters Company location(s) Founded date Number of current customers List of current customers 7. Is this solution an approved corporate standard? Informatica Enterprise Architecture Page 1

Vendor Viability Please Explain 1. Please provide a copy of your income statement, balance sheet, and cash flow for the past 3 years. In particular we are looking for: a. Total revenues and revenue growth for the past 3 years, broken down into license growth and support and services b. Cash position: Both the current cash position and your cash position trend over the past three years c. Profitability i. Level of profitability ii. Current burn rate and amount of cash flowing in and out of the company iii. If you are not profitable, what year are you projecting to become profitable? 2. What is your fiscal year period? 3. Please provide your recent key wins, customer count, and renewal rate. 4. What is your current employee count? 5. What is your current year s projected revenue growth? 6. Venture funding (if private): a. How much Venture Funding have you received to date (and which rounds)? b. Do you plan to take on more funding? If so, why? 7. If Public: a. Do you have any outstanding lawsuits that are of material value currently ongoing? b. Who audits your financials? Have they issued an unqualified opinion on your financials? Are there any ongoing audits due to financial irregularities identified? Informatica Enterprise Architecture Page 2

Service Level, Support and Certifications Please answer the following Support related questions for your Cloud solution. 1. Does the solution provide an SLA (Service Level Agreement) of 99.9% and above? Describe your SLAs and any penalties and credits. 2. Does the solution provide 365 x 24 x 7 support with a one-hour response time for critical issues? Describe your support model. 3. Does the solution provide advance notification as well as a list of scheduled maintenance windows where service may not be available? Describe your maintenance windows. 4. Does the solution provide pro-active notification within one hour of service disruption for any un-scheduled service outages where service may not be available? Describe the nature of your outages in the last 12 months. 5. Can the vendor provide independent 3rd party assessments of its infrastructure service compliance for last 12 months? (i.e., SOC 1 (SSAE 16), SOC 2, SOC 3, SYS Trust, WebTrust, ISAE 3042, Safe Harbor, PCI-DSS, HIPPA, ISO 27001, etc.) 6. Can the vendor provide a schedule of on-going independent 3 rd party assessments of its infrastructure and services compliance? Application Please answer the following Application related questions for your Cloud solution. 1. Does the solution have the five essential characteristics of cloud computing? (On demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service) 2. Is the solution network accessible from mobile devices, laptops and workstations? List the mobile app platforms and major web browsers you support. 3. Is your solution multi-tenant? Describe the multi-tenancy architecture from the application and data perspectives. 4. Does the solution provide automatic upgrades for all users? Describe the release schedule. 5. Does the solution provide a staging or test environment for new features? 6. Does the solution use Java or.net as the development platform? 7. Does the solution use LAMP stack or open source platforms? 8. Does the solution require client software to be installed on client machines or devices? 9. Does the solution provide the ability to control both active and inactive session timeouts? Informatica Enterprise Architecture Page 3

Integrations Please answer the following Integrations related questions for your Cloud solution. 1. Does the solution provide the ability to integrate with SAML 2.0, for Single Sign-On? List the identity providers your solution integrates with. 2. Does the solution have account management capabilities? Describe the user provisioning & de-provisioning and role modification & permissions, single user additions and bulk loads. 3. Does the solution provide integration with Web Services APIs? (i.e. SOAP, REST) Please describe and provide documentation for the APIs. 4. Does the solution provide the transfer of Informatica s data via a secure transfer method?.(i.e. secure FTP, https, etc.). Describe the various secure integration methods. 5. Does the solution provide the ability to filter data retrieval via web services by attributes? 6. Does the solution provide the ability to retrieve data as single records or as batches via web services for those solutions that contain high volumes (1M plus) of data? Data Please answer the following Data related questions for your Cloud solution. 1. Will the solution contain employee user data? 2. Will the solution contain customer data? 3. Will the solution contain confidential or sensitive information? 4. Will the solution contain financial data? 5. Will the solution contain personally identifiable information (PII)? 6. Does the solution provide the ability to enforce data retention policies? 7. Does the solution provide the ability to encrypt data in transit? 8. Does the solution provide the ability to encrypt data at rest? 9. Does the solution provide the ability to view or export historical data? 10. Does the solution provide the ability to extract our data? Describe the various methods. 11. Does the solution provide the ability to bulk load data? Describe the various methods. 12. Can the solution generate reports? What reporting does this solution provide? 13. Does the solution provide any segregation of data from other customers? Describe what data and how the data is or is not segregated. Informatica Enterprise Architecture Page 4

Infrastructure Please answer the following Infrastructure related questions for your Cloud solution. 1. Does the solution provide high-availability and fault-tolerance that can recover from events within a datacenter? Please describe. (Events to include: High load, hardware, software or network failure) 2. What capacity of infrastructure is currently available? Describe in terms of Compute, Storage and Network capacities. 3. Does the solution provide a backup and recovery plan that at a minimum must include full weekly backups and daily incremental backups? 4. Do you have a business continuity and disaster recovery plan? Describe how you would recover from a natural disaster. 5. Does the solution provide a fail-over or disaster recovery with a one-hour response time in the event of a disaster, such as an alternate recovery site, co-location, datacenter, etc.? Describe your Recovery Time Objectives and Recovery Point Objectives (RTO/RPO). 6. Does the solution provide documentation on the segregation of infrastructure from other customers or other environments? Please provide and describe. 7. Does the solution provide additional development, testing, and/or staging environments in addition to the production environments? Network Please answer the following Network related questions for your Cloud solution. 1. Can the vendor provide estimates of average bandwidth usage requirements per user? 2. Does the solution provide network metrics to determine impact to Informatica s corporate network bandwidth? 3. Does the solution have the ability to throttle bandwidth usage? 4. Does the solution use a CDN (Content Delivery Network) such as Akamai? Informatica Enterprise Architecture Page 5

Security Please answer the following Security related questions for your Cloud solution. 1. Does the solution have appropriate security best practices in place? 2. What security solutions do you employ? (e.g. Anti-Virus, Perimeter Firewalls, Web Application Firewalls, Intrusion Detection/Prevention Systems, etc.) 3. Do you notify Informatica of any breaches of our data? 4. Does the solution support multi-factor authentication? Describe what methods are available. 5. Does the solution provide the ability to control network access to the application by named IPs or IP ranges, also referred to as restricting access by IP, or control network access to the application by device? 6. Does the solution provide the ability to enforce Informatica specified password policies? 7. Does the solution provide the ability to control application functionality access by roles for all users, also referred to as Roles Based Access Control (RBAC), via methods such as by attribute or based on a hierarchy? 4. Does the solution provide the ability to audit and export user accounts and historical user activity? 5. What type and level of encryption does the solution support? 6. Does the solution support the generation of pre-shared key values by Informatica? 7. Does the solution use the same pre-shared key for multiple customers? 8. Can the vendor provide evidence of segregation of customer deployments? VPN Connectivity Standards Please answer the following VPN related questions for your Cloud solution ONLY if the solution requires access to Informatica s resources for integration purposes, such as for the following: Active Directory integration Integration with an on-premise Informatica application Site to site VPN tunnel 1. Does the solution require VPN connectivity to internal application, infrastructure or resources? 2. Does the solution support the IP Sec protocol? 3. Does the solution provide the ability to limit it s connectivity and access to only the ports and IPs necessary for integration? 4. Does the solution use the RFC1918 10.x internal address spacing convention? 5. Can the solution provide named IPs or IP ranges so as to be able to distinguish the solution s network traffic? 6. Can the solution limit all network connectivity from the solution to Informatica resources through secure channels? (i.e. secure file transfer, ssh, https, etc.). 7. What type and level of encryption does the VPN solution support? Informatica Enterprise Architecture Page 6

Compliance and Legal Please answer the following Legal related questions for your Cloud solution. 1. Does the solution comply with United States federal and (fifty) states data privacy laws? (i.e. SB1386, MA201, Nevada597) 2. Does the solution comply with international data privacy laws? (i.e. European Privacy Laws, Safe Harbor, bi-lateral agreements between countries) 3. Does the vendor promptly notify Informatica of any non-compliance by solution with such laws (in 1. and 2. above) related to Informatica s data? 4. Can the vendor provide supporting documentation / information regarding compliance with such laws (in 1. and 2. above)? 5. Does the vendor notify Informatica of any 3rd Party requests for our data or information, including but not limited to, those related to legal or other administrative proceedings? 6. Does the vendor obtain Informatica s authorization for any release of our data or information to any 3rd Party? 7. Does the solution provide the ability for Informatica to acquire/retain vendor s data based on legally-related requests from Informatica? 8. Can the vendor provide their policies on customer s rights for request to audit and audit rights? 9. Does the solution provide options for opting out of secondary use of Informatica s data to 3rd parties, partners, etc? 10. Does the solution provide options for opting out of storage of Informatica s data outside of the United States border in particular countries deemed unsafe by Informatica? 11. Does the solution provide the ability to retrieve or export Informatica s data upon termination of service? 12. Does the solution provide the ability / requirement to destroy all Informatica data upon termination of service after retrieval / export, including data stored on backups? 13. Does the solution provide remedies for breach of SLA compliance and other requirements? 14. Does the vendor use any 3 rd party OEM embedded in the product? Can the vendor provide a list of all 3rd party vendors and their relationships? Informatica Enterprise Architecture Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information