The move towards cloud computing is exciting for many businesses. Not only can they realize cost savings through reduced maintenance of their own IT systems, but many cloud tools also enable new levels of sharing, collaboration and ease of access, which can transform the way businesses work.

However, wider adoption of cloud computing leads to increased scrutiny, both from users and regulators. The availability, integrity and confidentiality of data remain critical for any business, regardless of whether the data is stored on site or in the cloud. Thus, prior to entering any hosting or cloud arrangement, companies should have a robust process in place to evaluate the service.

As a starting point, organisations need to determine the type of cloud service they intend to use. Services to be deployed must be rated according to their function and criticality to the business. Also:

  • Involve the IT or security team early, in partnership with the business. That way, security and compliance issues can be addressed upfront, allowing business decision makers to conduct a risk-reward assessment prior to selecting the right vendor.
  • Check whether the provider is security certified (e.g. ISO 27000 or IRAP).
  • Ask what happens to your data at the end of the contract – how is it removed from the provider's hardware?
  • Check what happens to any hardware used to store your data when it reaches its end of life. How is it destroyed or recycled?
  • How are information breaches or incidents reported – what are the response time and process?
  • What compliance requirements do you have – is data to be hosted locally?
  • What rights do you have to audit the supplier or at least review their internal audit reports?
  • How sustainable is the organisation – is it a relatively new supplier or does it have a proven track record?
  • How does the contract deal with access control and change management procedures?
  • What are the business continuity arrangements in the event of a disaster?
  • How does the contract deal with these types of information security requirements?
  • Ensure Service Level Agreements meet the expectations of the business.

As technology continues to evolve at a rapid pace, it is fundamental to stay abreast of regulatory changes that impact the use of cloud services to ensure continued compliance. Also, find a way to gain comfort that service providers continue to focus on ensuring high standards of data security, availability and integrity.

Protecht is the leading provider of Enterprise Risk Management software to Australian federal government agencies and industry. We have spent the last months enhancing our own security framework, gaining the ISO27000 certification in 2016. If you are interested in how we are using Protecht.ERM to support compliance and our security processes, contact
