Cloud Checklist Quiz Jan 6, 2025 | Uncategorized | 0 comments Cloud checklist Test questions Enter email to receive results: 34Cloud Architecture3435Governance Risk and Compliance35353535353535353535353536Information Management and Security363636363637Business Continuity and Disaster Recovery38Incident Management3839Compliance40Data Protection404011Access Control111144Data Retention and Deletion44444445Data Portability4546Data Integrity47Business Continuity474748Monitoring and Alerting484849Environmental Responsibility494949Page 1 of 14Cloud Architecture 1. Cloud Service ModelsCloud Software as a Service (SaaS)Cloud Platform as a Service (PaaS)Cloud Infrastructure as a Service (IaaS)N/A 2. Cloud Deployment ModelsPublic CloudPrivate / Community CloudHybrid CloudN/A Page 2 of 14Governance Risk and Compliance 3. Classified all information assets (data, application, processes) that are considered to host on cloud.PublicInternalConfidentialConfidential and Restricted 4. Prepared Cloud provider potential candidates list?YesNo 5. Sanity check performed on Cloud provider (financial, references, authenticity, etc.).YesNo 6. Decision process of migrating to cloud services (legal, Information security, finance, etc).ImplementedPartially ImplementedNot ImplementedN/A 7. Evaluation of design and requirements of application to host on the cloud?YesNo 8. Do Cloud Service Providers align with the Company security policy?YesNo 9. Cloud Service Provider aligned with the IS regulation / the Company requirements?YesNo 10. Does Cloud Service Provider conduct penetration tests of cloud infrastructure regularly? If yes, are the results available to tenants?YesNo 11. Does Cloud provider conduct internal audits regularly as prescribed by industry best practices?YesNo 12. Can the Company conduct an Information Security-related independent assessment/audit?YesNo 13. Can the Company conduct a BC (Business Continuity) independent assessment/audit?YesNo 14. Does Cloud Service Provider comply with ISO 27001:2022?YesNo 15. Does Cloud Service Provider comply with PCI DSS, in case of credit cards?YesNo Page 3 of 14Information Management and Security 16. Does Cloud Service Provider have the capability to restrict the storage of customer data to specific countries (e.g., UAE)?YesNo 17. Does the Company remain the sole owner of any asset migrated to the Cloud Service Provider?YesNo 18. Does Cloud Service Provider allow tenants to define acceptable geographical locations for data routing or resource instantiation?YesNo 19. Can the Cloud Service Provider ensure that data does not migrate beyond a defined geographical residency?YesNo 20. Does the Cloud Service Provider support logging and monitoring of the Company’s data access activities?YesNo 21. Can the Cloud Service Provider provide audit logs to the Company?YesNo Page 4 of 14Business Continuity and Disaster Recovery 22. Does the Cloud Service Provider meet the Company’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?YesNo Page 5 of 14Incident Management 23. Does the Cloud Service Provider have an incident response plan?YesNo 24. Can the Cloud Service Provider notify the Company in case of incidents or breaches?YesNo Page 6 of 14Compliance 25. Does the Cloud Service Provider comply with GDPR or other relevant data protection regulations?YesNo Page 7 of 14Data Protection 26. Does the Cloud Service Provider support encryption for data at rest?YesNo 27. Does the Cloud Service Provider support encryption for data in transit?YesNo 28. Does the Cloud Service Provider support key management for encryption?YesNo Page 8 of 14Access Control 29. Does the Cloud Service Provider support multi-factor authentication (MFA) for accessing resources?YesNo 30. Does the Cloud Service Provider support role-based access control (RBAC)?YesNo 31. Does the Cloud Service Provider support logging and auditing of access control changes?YesNo Page 9 of 14Data Retention and Deletion 32. Does the Cloud Service Provider have a data retention policy?YesNo 33. Can the Company define custom data retention periods?YesNo 34. Does the Cloud Service Provider support automated data purging based on policies?YesNo 35. Can the Cloud Service Provider ensure that all Company data is permanently deleted if services are terminated?YesNo Page 10 of 14Data Portability 36. Does the Cloud Service Provider allow the Company to export its data at any time?YesNo 37. Does the Cloud Service Provider comply with interoperability standards (e.g., APIs, data formats)?YesNo Page 11 of 14Data Integrity 38. Does the Cloud Service Provider conduct regular integrity checks on stored data?YesNo Page 12 of 14Business Continuity 39. Does the Cloud Service Provider ensure regular testing of disaster recovery plans?YesNo 40. Can the Cloud Service Provider support geographically separated backups for disaster recovery?YesNo 41. Does the Cloud Service Provider provide Service Level Agreements (SLAs) for uptime and availability?YesNo Page 13 of 14Monitoring and Alerting 42. Does the Cloud Service Provider offer continuous monitoring of systems and services?YesNo 43. Does the Cloud Service Provider allow real-time alerting to the Company in case of service issues?YesNo 44. Can the Cloud Service Provider provide API access for monitoring metrics?YesNo Page 14 of 14Environmental Responsibility 45. Does the Cloud Service Provider adhere to environmental sustainability practices?YesNo 46. Does the Cloud Service Provider have a policy for recycling or responsibly disposing of hardware?TrueFalse 47. Does the Cloud Service Provider actively support renewable energy initiatives?YesNo 48. Does the Cloud Service Provider provide transparency reports regarding environmental impact?YesNo Loading... Submit a Comment Cancel replyYour email address will not be published. Required fields are marked *Comment * Name * Email * Website Save my name, email, and website in this browser for the next time I comment. Δ
