The IT Law Wiki


European Network and Information Security Agency, Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts (Apr. 2, 2012) (full-text).


This is a practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery. One-off or periodic provider assessments are a vital component of effective security management. However, they are insufficient without additional feedback in the intervals between assessments: they do not provide real-time information, regular checkpoints or threshold based alerting, as covered in the report.