PaulDotCom mailing list archives

Re: Terms and Conditions for external hosting


From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 03 Aug 2011 11:04:55 -0500



"Hembrow, Chris" <chris.hembrow () interserve com> writes:
> Hi folks.
>
> I'm looking at Occupational Health systems for our business, which will hold potentially sensitive medical
> information on our employees.  We are potentially looking at externally hosted solutions, and I'm trying to get an
> idea of what sort of things I should look to ensure are included in any contract.
>
> So far, all I can think of specifically is around ensuring an appropriate employee vetting process for the supplier's
> employees and the host's employees, ISO27001 for the hosts, and segregation of data from their other customers.  I'll
> also push for encryption of data at rest.
>
> We're in the UK, and I'm not aware of any regulations which apply apart from the Data Protection Act.
>
> Thanks,

I won't pretend this is a complete answer, and I suppose such
questions require responses that include the phrase "I am not a
lawyer" but I noticed a recent Packet Pushers podcast on the topic at
hand.  I haven't gotten through it yet, but their content is usually
well worth a listen. 

http://packetpushers.net/show-55-questions-you-should-be-asking-your-cloud-provider/

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

