Cloud computing provider assessment

The following Practice Management precedent provides comprehensive and up to date legal information covering:

  • Cloud computing provider assessment

Cloud computing provider assessment

Services

What services are we actually putting in the cloud?
How much confidential or personal client data is going into the cloud service?
Are there specific jurisdictions we need to avoid?

Availability requirements

How business critical is the service?
How long can we afford for service to be unavailable?
Is this service required all the time or only during specific hours

Provider comparator

Availability

Question[Insert name of provider 1][Insert name of provider 2]
What level of uptime is being promised by the provider?
Is uptime constant or only during specific core hours?
Does this match our needs?
Does the provider distinguish between unscheduled and scheduled downtime?
Is there a limit on scheduled downtime?
How much notice will we get of scheduled downtime?
Will compensation be paid if there is unscheduled downtime?
Is there a limit on compensation?
Is the compensation enough to meet our expected losses?

Data

Question[Insert name of provider 1][Insert name of provider 2]
Will the data be stored in a public or private cloud?
Is our data currently in a format that is compatible with the provider’s requirements?
Will the data be stored in or pass through a non-EEA country?
Does the provider comply with applicable requirements under data protection law, eg security of processing requirements?
Will we be able to comply with all requirements
Related documents:

Popular documents