Terms and Conditions for external hosting

["Hembrow, Chris" <chris.hembrow () interserve com>]

Hi folks.  

I'm looking at Occupational Health systems for our business, which will hold potentially sensitive medical information 
on our employees.  We are potentially looking at externally hosted solutions, and I'm trying to get an idea of what 
sort of things I should look to ensure are included in any contract.  

So far, all I can think of specifically is around ensuring an appropriate employee vetting process for the suppliers 
employees and the hosts employees, ISO27001 for the hosts, and segregation of data from their other customers.  I'll 
also push for encryption of data at rest.

We're in the UK, and I'm not aware of any regulations which apply apart from the Data Protection Act.

Thanks,

Chris


"This email and any file attachments do not form a contract unless expressly stated. They may contain privileged, 
confidential and/or copyright information. If you are not the intended recipient or the service provider responsible 
for delivering this please delete the material from any computer and return to the sender at once; do not use, disclose 
or reproduce its contents. We do not accept liability for any error or omission in the message arising from corruption 
of, delay in or interference with, its transmission. We reserve the right to monitor email communications through 
normal internal and external networks. We believe but do not warrant that the email and the file attachments are virus 
free." 

Interservefm Ltd.  Registered in England, Number : 2820560.
Registered Office: Capital Tower, 91 Waterloo Road, London SE1 8RT.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com