Cloud Service Checklist for Public Sector Organizations

  • By: admin
  • July 13, 2018

When selecting a cloud-based business system such as a meeting management solution, it’s more important than ever to ensure that the prospective software solution and its provider meet all of your organization’s data security, privacy and software maintenance requirements. Here are 30 questions you should ask your provider: the more that are checked off, the more secure the solution.

Security and Privacy

Does the provider…

  1. Have corporate policies concerning staff access to customer sites and customer data privacy that are consistent with industry standards and your own corporate policies?
  2. Only store and/or access customer data within a customer’s own country?
  3. Have security measures to protect against DDoS (Distributed Denial of Service) attacks?
  4. Have a security program that contains data ownership and destruction policies?
  5. Perform background checks on all personnel who have access to customer data or sites?
  6. Prohibit personnel from storing customer data on any mobile devices or removable media?
  7. Ensure that any mobile applications that can access the system utilize encryption and preclude local storage that is not protected by user credentials?
  8. Isolate each customer’s data from that of other customers?
  9. Annually, or as appropriate, audit the effectiveness of its security and undergo security penetration testing?
  10. Have a record of being unaffected by any security incidents, data breaches or loss of information within the last 5 years?
  11. Accommodate requests for third-party security compliance audits (at customer cost)?
  12. Have a policy prohibiting the use of customer data for the provider’s own business processes?
  13. Have a policy to notify customers of legal authority or law enforcement requests to disclose those customers’ data?
  14. Distribute data across multiple (e.g. primary, backup) locations for redundancy and availability?
  15. Maintain an N+1 configuration in all of its data centers?
  16. Include a disaster recovery plan?
  17. Offer a solution with multiple levels of administrative access?
  18. Allow customer security staff to create and manage user accounts for the solution through their existing ADFS or Azure AD?

Operations, Maintenance and Support

Does the provider…

  1. Implement end-to-end service monitoring?
  2. Notify customers of upcoming service or software changes prior to their implementation?
  3. Communicate maintenance windows to customers in advance and consider customer feedback regarding the timing?
  4. Have a documented process for validating functionality during upgrades?
  5. Have formal, documented life-cycle management processes for the software?
  6. Make use of automated event notification tools to monitor status and performance?
  7. Have contingency plans for service interruptions or release management issues?
  8. Have a defined strategy for handling unplanned infrastructure and network utilization spikes?
  9. Offer customers an online page for checking the status and health of the solution?
  10. Offer a customer-accessible portal for support and help desk ticketing?
  11. Offer a solution whose architecture can be seamlessly scaled to maintain performance as more customers adopt the platform and existing customers grow?
  12. Allow customer data to be reclaimed by the customer in its original native format at the end of the contract term?

Get In Touch for More Information

eScribe meeting management checks all of the above boxes.

For further details about how the eScribe solution and the Microsoft Azure platform it runs upon meet these criteria, contact us at [email protected].