Scribd
Upload
156 views

Cloud Computing Due Diligence Checklist

The document provides a checklist for conducting due diligence on cloud computing providers. It outlines key areas to consider, including terms of service, security measures, data backup and recovery procedures, termination policies, geolocation of data, and the stability and history of the provider. The checklist helps ensure the provider can reasonably protect data and systems and allows users to retain control and access to data.

Uploaded by

Satya Puvvula
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
156 views

Cloud Computing Due Diligence Checklist

The document provides a checklist for conducting due diligence on cloud computing providers. It outlines key areas to consider, including terms of service, security measures, data backup and recovery procedures, termination policies, geolocation of data, and the stability and history of the provider. The checklist helps ensure the provider can reasonably protect data and systems and allows users to retain control and access to data.

Uploaded by

Satya Puvvula
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Cloud Computing

Due Diligence Checklist

TERMS OF SERVICE REASONABLE SECURITY

Does the cloud computing provider have a clear Has the cloud provider implemented controls to
and accessible Terms of Service and Privacy Policy? reasonably prevent unauthorized access or disclosure
of information, including penetration testing?
What uptime does the vendor guarantee
as part of their Service Level Agreement? Does the cloud provider offer features to provide user
authentication and prevent unauthorized access?
Is there an initial setup fee? (Ex: Two-factor authentication, IP monitoring, strong
password requirements, role based access control, etc.)
Is there a cap or limitation on the cloud provider’s
ability of service? (bandwidth caps, storage limits, etc.) Does the cloud provider employ encryption
at rest and in transit to protect your data?
Are there additional usage or bandwidth fees?
How often does the cloud provider have their
Does the cloud provider recognize and agree to
security audited (ad hoc, annually, other)?
abide by the duties of lawyer/client confidentiality?
Will the provider allow you to obtain
Does the cloud computing provider explicitly recognize
copies of any security audits performed?
your ownership of any intellectual property?
Does the cloud provider offer support/remedies in the
Does the cloud provider have a contractual obligation to
event of data breaches and service availability failures?
notify you of any demands for client information in time
for you to intervene?
TERMINATION OF SERVICES
BACKUP OF DATA/BUSINESS CONTINUITY Are there any additional costs or penalties
for terminating the cloud computing service?
Are you able to easily retrieve your data
from the cloud computing provider? Will your information be returned/deleted
by the cloud provider upon termination?
Are you able to maintain a local backup of your data?
Can your data be sanitized from the
Is the retrieved data in a usable, non-proprietary format?
cloud provider in the event of termination?
Does the cloud provider have documented (and tested)
business continuity/disaster recovery procedures?
ADDITIONAL CONSIDERATIONS

Does the cloud provider integrate with your other


GEOLOCATION
office systems?
Where are the cloud provider’s servers located?
Have you evaluated the cloud provider’s history,
Does the cloud provider have multiple storage locations— including how long the provider has been in business,
and if so, how often are they synced? and funding and stability?

Does the cloud provider provide you a means to satisfy


any data residency requirements (if applicable)?

Have more questions about evaluating cloud solutions for your firm?
Watch our free, on-demand webinar, Does Cloud Technology Belong at Your Law Firm?

You might also like