Cloud Checklist Quiz
Jan 6, 2025

Cloud checklist Test questions

Cloud Architecture

1. Cloud Service Models
   Options: Cloud Software as a Service (SaaS) / Cloud Platform as a Service (PaaS) / Cloud Infrastructure as a Service (IaaS) / N/A
2. Cloud Deployment Models
   Options: Public Cloud / Private / Community Cloud / Hybrid Cloud / N/A

Governance Risk and Compliance

3. Company business case and evaluation of cost and benefits related to the move to a cloud provider.
   Response: Provide Business Case
4. Scope Identified to host on cloud.
   Response: Provide Details
5. Classified all information assets (data, application, processes) that are considered to host on cloud.
   Options: Public / Internal / Confidential / Confidential and Restricted
6. Prepared Cloud provider potential candidates list?
   Options: Yes / No
7. Sanity check performed on Cloud provider (financial, references, authenticity, etc.).
   Options: Yes / No
8. Decision process of migrating to cloud services (legal, Information security, finance, etc).
   Options: Implemented / Partially Implemented / Not Implemented / N/A
9. Evaluation of design and requirements of application to host on the cloud?
   Options: Yes / No
10. Do Cloud Service Providers align with the Company security policy?
   Options: Yes / No
11. Cloud Service Provider aligned with the IS regulation / the Company requirements?
   Options: Yes / No
12. Does Cloud Service Provider conduct penetration tests of cloud infrastructure regularly? If yes, are the results available to tenants?
   Options: Yes / No
13. Does Cloud provider conduct internal audits regularly as prescribed by industry best practices?
   Options: Yes / No
14. Can the Company conduct an Information Security-related independent assessment/audit?
   Options: Yes / No
15. Can the Company conduct a BC (Business Continuity) independent assessment/audit?
   Options: Yes / No
16. Does Cloud Service Provider comply with ISO 27001:2022?
   Options: Yes / No
17. Does Cloud Service Provider comply with PCI DSS, in case of credit cards?
   Options: Yes / No

Information Management and Security

18. Cloud Service Provider infrastructure locations?
   Response: Provide Details
19. Physical location where data is stored? (multijurisdictional)
   Response: Specify Country and Data Center Location
20. Does Cloud Service Provider have the capability to restrict the storage of customer data to specific countries (e.g., UAE)?
   Options: Yes / No
21. Does the Company remain the sole owner of any asset migrated to the Cloud Service Provider?
   Options: Yes / No
22. How does the Cloud Service Provider separate the Company’s data from other customers’ data?
   Response: Provide Details
23. How does the Cloud Service Provider transfer data from the Company to the cloud?
   Response: Provide Details
24. Does Cloud Service Provider allow tenants to define acceptable geographical locations for data routing or resource instantiation?
   Options: Yes / No
25. Can the Cloud Service Provider ensure that data does not migrate beyond a defined geographical residency?
   Options: Yes / No
26. How does the Cloud Service Provider ensure that all the Company’s data is securely erased/deleted at the end of service or upon request?
   Response: Provide Details
27. What are your data leak prevention capabilities?
   Response: Provide Details
28. How does the Cloud Service Provider ensure data disposal from multiple cloud data stores?
   Response: Provide Details
29. Does the Cloud Service Provider support logging and monitoring of the Company’s data access activities?
   Options: Yes / No
30. Can the Cloud Service Provider provide audit logs to the Company?
   Options: Yes / No

Business Continuity and Disaster Recovery

31. What are the Cloud Service Provider’s backup and recovery capabilities?
   Response: Provide Details
32. How does the Cloud Service Provider ensure disaster recovery and business continuity?
   Response: Provide Details
33. Does the Cloud Service Provider meet the Company’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
   Options: Yes / No

Incident Management

34. How does the Cloud Service Provider handle a major incident or data breach?
   Response: Provide Details
35. Does the Cloud Service Provider have an incident response plan?
   Options: Yes / No
36. Can the Cloud Service Provider notify the Company in case of incidents or breaches?
   Options: Yes / No

Compliance

37. Does the Cloud Service Provider comply with GDPR or other relevant data protection regulations?
   Options: Yes / No

Data Protection

38. Does the Cloud Service Provider support encryption for data at rest?
   Options: Yes / No
39. Does the Cloud Service Provider support encryption for data in transit?
   Options: Yes / No
40. What encryption methods does the Cloud Service Provider use?
   Response: Provide Details
41. Does the Cloud Service Provider support key management for encryption?
   Options: Yes / No
42. Who owns the encryption keys for the Company’s data hosted with the Cloud Service Provider?
   Response: Provide Details

Access Control

43. Does the Cloud Service Provider support multi-factor authentication (MFA) for accessing resources?
   Options: Yes / No
44. How does the Cloud Service Provider manage access control for users and administrators?
   Response: Provide Details
45. Does the Cloud Service Provider support role-based access control (RBAC)?
   Options: Yes / No
46. Does the Cloud Service Provider support logging and auditing of access control changes?
   Options: Yes / No

Data Retention and Deletion

47. Does the Cloud Service Provider have a data retention policy?
   Options: Yes / No
48. Can the Company define custom data retention periods?
   Options: Yes / No
49. How does the Cloud Service Provider ensure secure data deletion upon request?
   Response: Provide Details
50. Does the Cloud Service Provider support automated data purging based on policies?
   Options: Yes / No
51. Can the Cloud Service Provider ensure that all Company data is permanently deleted if services are terminated?
   Options: Yes / No

Data Portability

52. Does the Cloud Service Provider allow the Company to export its data at any time?
   Options: Yes / No
53. How does the Cloud Service Provider ensure data portability between different cloud platforms?
   Response: Provide Details
54. Does the Cloud Service Provider comply with interoperability standards (e.g., APIs, data formats)?
   Options: Yes / No

Data Integrity

55. What steps does the Cloud Service Provider take to ensure data integrity during transfers?
   Response: Provide Details
56. Does the Cloud Service Provider conduct regular integrity checks on stored data?
   Options: Yes / No

Business Continuity

57. Does the Cloud Service Provider ensure regular testing of disaster recovery plans?
   Options: Yes / No
58. Can the Cloud Service Provider support geographically separated backups for disaster recovery?
   Options: Yes / No
59. How does the Cloud Service Provider ensure high availability and failover capabilities?
   Response: Provide Details
60. Does the Cloud Service Provider provide Service Level Agreements (SLAs) for uptime and availability?
   Options: Yes / No

Monitoring and Alerting

61. Does the Cloud Service Provider offer continuous monitoring of systems and services?
   Options: Yes / No
62. What tools are used by the Cloud Service Provider for monitoring and alerting?
   Response: Provide Details
63. Does the Cloud Service Provider allow real-time alerting to the Company in case of service issues?
   Options: Yes / No
64. Can the Cloud Service Provider provide API access for monitoring metrics?
   Options: Yes / No

Environmental Responsibility

65. Does the Cloud Service Provider adhere to environmental sustainability practices?
   Options: Yes / No
66. How does the Cloud Service Provider contribute to reducing its carbon footprint?
   Response: Provide Details
67. Does the Cloud Service Provider have a policy for recycling or responsibly disposing of hardware?
   Options: Yes / No
68. What measures does the Cloud Service Provider take to minimize energy consumption in data centers?
   Response: Provide Details
69. Does the Cloud Service Provider actively support renewable energy initiatives?
   Options: Yes / No
70. Does the Cloud Service Provider provide transparency reports regarding environmental impact?
   Options: Yes / No