PaulDotCom mailing list archives
Re: Terms and Conditions for external hosting
From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 03 Aug 2011 11:04:55 -0500
"Hembrow, Chris" <chris.hembrow () interserve com> writes:
Hi folks.

I'm looking at Occupational Health systems for our business, which will hold potentially sensitive medical information on our employees. We are potentially looking at externally hosted solutions, and I'm trying to get an idea of what sort of things I should look to ensure are included in any contract.

So far, all I can think of specifically is around ensuring an appropriate employee vetting process for the supplier's employees and the host's employees, ISO27001 for the hosts, and segregation of data from their other customers. I'll also push for encryption of data at rest.

We're in the UK, and I'm not aware of any regulations which apply apart from the Data Protection Act.

Thanks,
I won't pretend this is a complete answer, and I suppose such questions require responses that include the phrase "I am not a lawyer" but I noticed a recent Packet Pushers podcast on the topic at hand. I haven't gotten through it yet, but their content is usually well worth a listen.

http://packetpushers.net/show-55-questions-you-should-be-asking-your-cloud-provider/

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/