Interesting Best Practices for Acquiring IT as a Service paper provided by the Federal CIO�Council. If you're doing business with the US�Government�it's worth a read.�
A few key points:
- Selecting a Cloud Service: Choosing the appropriate cloud service and deployment�model is the critical first step in procuring cloud services;
- CSP and End-User Agreements: Terms of Service and all CSP/customer required�agreements need to be integrated fully into cloud contracts;�
- Service Level Agreements (SLAs): SLAs need to define performance with clear terms and�definitions, demonstrate how performance is being measured, and what enforcement�mechanisms are in place to ensure SLAs are met;
- CSP, Agency, and Integrator �Roles and Responsibilities: Careful delineation between the responsibilities and relationships among the Federal agency, integrators, and the�CSP are needed in order to effectively manage cloud services;
- Standards: The use of the NIST cloud reference architecture as well as agency�involvement in standards are necessary for cloud procurements;�
- Security: Agencies must clearly detail the requirements for CSPs to maintain the security�and integrity of data existing in a cloud environment;
- Privacy: If cloud services host �privacy data,� agencies must adequately identify�potential privacy risks and responsibilities and address these needs in the contract;
- E-Discovery: Federal agencies must ensure that all data stored in a CSP environment is �available for legal discovery by allowing all data to be located, preserved, collected,�processed, reviewed, and produced;�
- Freedom of Information Act (FOIA): Federal agencies must ensure that all data stored in�a CSP environment is available for appropriate handling under the FOIA; and
- E-Records: Agencies must ensure CSP�s understand and assist Federal agencies in�compliance with the Federal Records Act (FRA) and obligations under this law
--
You received this message because you are subscribed to the Google
Groups "Cloud Computing Interoperability Forum (CCIF)" group.
To post to this group, send email to cloud...@googlegroups.com
To unsubscribe from this group, send email to
cloudforum+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cloudforum?hl=en
�
-----
Join our Twitter Group at www.twitter.com/cloudforum
Or Our Linkedin Group at http://ruv.net/a/1eo