Introducing Marketplace: Fast-track your ERM system implementation
Learn More

WHAT TO HAVE IN MIND?

The move towards cloud computing is exciting for many businesses. Not only are they able to realise cost savings through lesser maintenance of their own IT systems, many cloud tools enable new levels of sharing, collaboration and ease of access, which can transform the way businesses work.

However, wider adoption of cloud computing leads to increased scrutiny, both from users and regulators. The availability, integrity and confidentiality of data remains critical for any business regardless of whether it is stored on site or in the cloud. Thus prior to entering any hosting or cloud arrangement, companies should have a robust process in place to evaluate the service.

As a starting point, organisations need to determine the type of cloud service they intend to use. Services to be deployed must be rated with respect to the function and criticality of the business.  Also:

  • Involve the IT or security team early in partnership with the business. That way, security and compliance issues can be addressed upfront, allowing business decision makers to conduct a risk-reward assessment prior selecting the right vendor.
  • Check whether the provider is security certified (eg: ISO 27000 or IRAP).
  • Ask what happens to your data at the end of the contract – how is it removed from the providers hardware?
  • Check what happens to any hardware used to store your data that reaches its end of life? How is it destroyed or recycled?
  • How are information breaches or incidents reported - response time and process?
  • What compliance requirements do you have – is data to be hosted locally?
  • What rights do you have to audit the supplier or at least review their internal audit reports?
  • How sustainable is the organisation – is it a relatively new supplier or does it have a proven track record?
  • How does the contract deal with access control and change management procedures?
  • What are the business continuity arrangements in the event of a disaster?
  • How does the contract deal with these type of information security requirements?
  • Ensure Service Levels Agreements meet the expectations of the business.

As technology continues to evolve at a rapid pace, it is fundamental to stay abreast with regulatory changes that impact the use of cloud services to ensure continued compliance. Also, find a way to gain comfort that service providers continue to focus on ensuring high standards of data security, availability and integrity.

Protecht is the leading provider of Enterprise Risk Management software to Australian federal government agencies and industry.  We have spent the last months enhancing our own security framework, gaining the ISO27000 certification in 2016.  If you are interested in how we are using Protecht.ERM  to support compliance and our security processes, contact info@protechtgroup.com

Banner_Improving your Insights into Risk with Historical Models_1200x600

 

Related Articles

feature image
Compliance Management, Risk Management, Risk Manager

Are you allocating enough resources to compliance and risk management, and are you getting a positive ROI?

Macquarie Group has disclosed in its latest financial results that the group spent $785 million on compliance in the year to 31 March 2022, a 22%...
Read more
feature image
Risk Management, ERM, Protecht.ERM

Risk Appetite Driven Decision Making

"Would you rather?" is a party game that poses dilemmas by asking questions starting with "would you rather?". As an example: Would you rather be...
Read more
feature image
Risk Management, ERM, Protecht.ERM

ERM and other Risk Management acronyms

The management of an organization's risks on a true enterprise basis should be the aim of contemporary risk management. Enterprise Risk Management...
Read more