Cloud checklist

Jan 5, 2025

Cloud checklist quiz questions

Cloud Architecture

1. Cloud Service Models
   - Cloud Software as a Service (SaaS)
   - Cloud Platform as a Service (PaaS)
   - Cloud Infrastructure as a Service (IaaS)
   - N/A

2. Cloud Deployment Models
   - Public Cloud
   - Private / Community Cloud
   - Hybrid Cloud
   - N/A

Governance, Risk, and Compliance

3. Company business case and evaluation of cost and benefits related to the move to a cloud provider.
   - Provide Business Case

4. Scope Identified to host on cloud.
   - Provide Details

5. Classified all information assets (data, application, processes) that are considered to host on cloud.
   - Public
   - Internal
   - Confidential
   - Confidential and Restricted

6. Prepared Cloud provider potential candidates list?
   - Yes
   - No

7. Sanity check performed on Cloud provider (financial, references, authenticity, etc.).
   - Yes
   - No

8. Decision process of migrating to cloud services (legal, Information security, finance, etc.).
   - Implemented
   - Partially Implemented
   - Not Implemented
   - N/A

9. Evaluation of design and requirements of application to host on the cloud?
   - Yes
   - No

10. Do Cloud Service Providers align with the Company security policy?
   - Yes
   - No

11. Cloud Service Provider aligned with the IS regulation / the Company requirements?
   - Yes
   - No

12. Does Cloud Service Provider conduct penetration tests of cloud infrastructure regularly? If yes, are the results available to tenants?
   - Yes
   - No

13. Does Cloud provider conduct internal audits regularly as prescribed by industry best practices?
   - Yes
   - No

14. Can the Company conduct an Information Security-related independent assessment/audit?
   - Yes
   - No

15. Can the Company conduct a BC (Business Continuity) independent assessment/audit?
   - Yes
   - No

16. Does Cloud Service Provider comply with ISO 27001:2022?
   - Yes
   - No

17. Does Cloud Service Provider comply with PCI DSS, in case of credit cards?
   - Yes
   - No

Information Management and Security

18. Cloud Service Provider infrastructure locations?
   - Provide Details

19. Physical location where data is stored? (multijurisdictional)
   - Specify Country and Data Center Location

20. Does Cloud Service Provider have the capability to restrict the storage of customer data to specific countries (e.g., UAE)?
   - Yes
   - No

21. Does the Company remain the sole owner of any asset migrated to the Cloud Service Provider?
   - Yes
   - No

22. How does the Cloud Service Provider separate the Company’s data from other customers’ data?
   - Provide Details

23. How does the Cloud Service Provider transfer data from the Company to the cloud?
   - Provide Details

24. Does Cloud Service Provider allow tenants to define acceptable geographical locations for data routing or resource instantiation?
   - Yes
   - No

25. Can the Cloud Service Provider ensure that data does not migrate beyond a defined geographical residency?
   - Yes
   - No

26. How does the Cloud Service Provider ensure that all the Company’s data is securely erased/deleted at the end of service or upon request?
   - Provide Details

27. What are your data leak prevention capabilities?
   - Provide Details

28. How does the Cloud Service Provider ensure data disposal from multiple cloud data stores?
   - Provide Details

29. Does the Cloud Service Provider support logging and monitoring of the Company’s data access activities?
   - Yes
   - No

30. Can the Cloud Service Provider provide audit logs to the Company?
   - Yes
   - No

Business Continuity and Disaster Recovery

31. What are the Cloud Service Provider’s backup and recovery capabilities?
   - Provide Details

32. How does the Cloud Service Provider ensure disaster recovery and business continuity?
   - Provide Details

33. Does the Cloud Service Provider meet the Company’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
   - Yes
   - No

Incident Management

34. How does the Cloud Service Provider handle a major incident or data breach?
   - Provide Details

35. Does the Cloud Service Provider have an incident response plan?
   - Yes
   - No

36. Can the Cloud Service Provider notify the Company in case of incidents or breaches?
   - Yes
   - No

Compliance

37. Does the Cloud Service Provider comply with GDPR or other relevant data protection regulations?
   - Yes
   - No

Data Protection

38. Does the Cloud Service Provider support encryption for data at rest?
   - Yes
   - No

39. Does the Cloud Service Provider support encryption for data in transit?
   - Yes
   - No

40. What encryption methods does the Cloud Service Provider use?
   - Provide Details

41. Does the Cloud Service Provider support key management for encryption?
   - Yes
   - No

42. Who owns the encryption keys for the Company’s data hosted with the Cloud Service Provider?
   - Provide Details

Access Control

43. Does the Cloud Service Provider support multi-factor authentication (MFA) for accessing resources?
   - Yes
   - No

44. How does the Cloud Service Provider manage access control for users and administrators?
   - Provide Details

45. Does the Cloud Service Provider support role-based access control (RBAC)?
   - Yes
   - No

46. Does the Cloud Service Provider support logging and auditing of access control changes?
   - Yes
   - No

Uncategorized

47. Mo

48. Mo