Although the potential for cloud computing is exciting and the suppliers are often innovative, agile and dynamic – constantly adding new features to their products – it is worth checking that they are doing the ‘boring stuff’, too. If your
internal IT systems are subject to information governance policies then these policies need to be extended to your cloud-based systems, and you should expect your cloud provider to take the same care with their systems as your business does with its own. Here are some questions to ask your provider about their processes and practices:
- Do they follow any industry best practices for IT service management such as, for example, ITIL (IT Infrastructure Library)?
- Have their internal controls of IT systems and processes been independently audited to SAS 70 standards and can you have a copy of the audit report?
- Do they have ISO 27001 certification for their Information Security Management System?
But even if your data is in good hands you may want to switch cloud provider or move your cloud-based systems in-house at some point so you should ask your provider about open cloud standards, too.