OTHER CLOUD SERVICES

Excis can offer end-to-end Cloud Services including; privacy, security, compliance and audit!

The adoption of cloud services is a growing area of IT and many organisations are no longer hosting or implementing their own solutions. tThey are looking out outsource to cloud service providers. Cost and convenience are the main drivers towards the move away from in house hosted services to outsourced cloud services. There are clear benefits by using the cloud, but it is not without risks.

Adoption has previously been slow due to concerns over both security and privacy. Although a number of these concerns have now been addressed there are still a lot of things to think about. Cloud providers use a shared services model where the responsibility for both security and privacy is shared between the service provider and the consumer of the service. If you are not aware of this or have not clearly defined and agreed the boundaries of responsibility within your contract for services, then you could be liable for any data loss or breach.

Cloud service contracts are quite complex and many times the relationships between the end customer and primary supplier are not clear. For example, a Software as a Service (SaaS) provider could have a contract for services where they are hosting their services on another cloud providers platform. An illustration of this is Sage People (HR System) that is hosted on Salesforce (force.com). Your contract is with Sage, and they have a cloud service platform provision contract with Salesforce. In this scenario, there will be differing roles and responsibilities as well as boundaries to each other’s services. From the contract you may have, roles and responsibilities for security, privacy and data breach can be unclear.

Moreover, suppliers such as Salesforce, AWS, Google, SAP and Microsoft try and limit their liabilities and indemnities in their contracts. This means that as a customer, should something go wrong you will be hard placed to recover costs or damages from these suppliers. In order to navigate your way around these different responsibilities, onerous terms and lack of clarity, you need a trusted expert who knows the pitfalls, benefits and advantages to provide you with the best opportunity to reduce your risks and exposure and to ensure that nay cloud contracts are balanced, with you clearly understanding any risks, issues and responsibilities.

Data protection and compliance requirements are increasing and if you want to trade globally, there are many different rules and regulations and you need assistance to be on the right side of the law. Many organisations do not know where to start or cannot afford full time DPO expertise internally due to skills shortages and costs, in many cases it is not cost effective or efficient to have an internal resource. By having a DPO available by outsourcing this function, you get the benefits of both knowledge and cost reduction.

The Benefits Realised

• Ensure that your contacts, software and contracted cloud services are GDPR / privacy / applicable law compliant;
• Have a stronger contract negotiation / bargaining position by understanding the implications and outcomes of a contract;
• Create a third-party supplier surveillance program and be able to provide supporting evidence of cloud contract compliance to your customers;
• Be able to minimise and mitigate risks to your data, services or that of your customers from your cloud suppliers and their respective supply chain;
• Understand your contracts and be able to insure against any problems or issues that may occur;
• Reduce the high costs of retaining internal skills and resources and pay only for services that you consume;
• Provide insights for your overall information security and privacy posture;
• Improve your reliability and availability of systems and data by understanding how your contracts operate;
• Meet your legal obligations under Article 28 of the GDPR, with all necessary contract terms, requirements and due diligence in place and be evidentially compliant;
• Offer your customers terms that match your contracts or that offset any risks, reducing your exposure and giving your customers confidence in your offering.

How Excis can Help

Excis are cloud experts and have many years of expertise working with cloud services from a technical, legal, product and operational perspective. This includes designing services, reviewing services and suppliers, writing policies, contracts and agreements and negotiating them. We have a team of international lawyers, data protection, service and security professionals who have assisted many of our customers in developing or getting the right cloud product or deals and in being compliant with applicable laws as well as being secure. We have advanced expertise in cloud contracts, and we are currently one of the only organisations in the EU who are specialists in cloud privacy and have certified audit leads who can audit cloud security, privacy and legal terms. This means that we can assess against the GDPR and other legislation and can quickly identify gaps so your risks can be managed and mitigated. Excis offer several approaches to our customers for cloud review services.

The ideal time to get Excis involved is when you are defining your requirements for a cloud product, whether you are developing a cloud or looking at adopting one. We can advise you of the benefits or disadvantages of a solution, we can review your supplier for security and privacy and can assess them against mandatory compliance. For example, the NIS Directive or the GDPR. Another option is for Excis to review your existing product, service or contracts to determine any inherent risks against current or emerging legislation. This way we can advise you on the best ways to offset any risks within the supply chain or can advise you of your current compliance status against a given standard. This is beneficial if you are an international organisation that wants to enter a new territory.

The third option is for Excis to help set up a surveillance program for your cloud contracts and suppliers and to either manage or train your team to deal with cloud review, security, privacy and legal risks, terms and conditions and any subsequent changes through the lifecycle.

When you engage with Excis we will explain our processes as we are specific to your needs and we aim to be efficient and to bring you the maximum benefits as soon as possible. Typically, we can determine your needs and guide you through your journey after the initial assessment. We will identify key issues, provide expert advice and recommendations to address any issues that you may face and can then move forward on agreement.

Excis are currently one of the only organisations in the EU who are specialists in cloud privacy and auditing. We are one of the very few companies that have certified audit leads who can audit cloud security, privacy and legal terms, obtaining our customers CSA PLA CoC certification for GDPR compliance. We are registered partners with the Cloud Security Alliance and as a result, are at the leading edge of cloud technology, security, privacy and compliance.   This means that we can assess cloud platforms against the GDPR as well as other privacy legislation for compliance and can quickly identify gaps so your risks can be managed and mitigated.

Services Offered:

• Privacy and Acceptable Use policies for Cloud Service Providers
• Data Processing ad Transfer Agreements for Cloud Service Providers
• Cyber Security Review and Audit Against Cloud Standards such as CSA and the NIS Directive
• Privacy Level Agreements for Cloud Service Providers
• Contract Review for Cloud Service Customers
• Contract Negotiation and Advisory for Cloud Service Customers
• Cloud Compliance Audits for Suppliers and Customers to Assure Compliance with Applicable Law
• Assistance on Supplier Compliance, from Selection to Ongoing Surveillance and Measurement
• Advice on Legal and Practical Elements of Cloud Migration to Ensure Minimal Impact of any Cloud Migration

 

Please email: contact@excis.co.uk or call +44 (0) 1622 926 312 for more information.

YOU MAY ALSO BE INTERESTED IN:

• Excis Cloud Privacy Services
  
  
• Excis Cloud Security Audit Services
  
  
• Excis Other Cloud Services
  
  
• Excis Contract Review Services (Cloud, GDPR etc contracts)
  
  
• Excis Cloud Privacy Training
  
  

Copyright 2020, Excis Networks Limited

OUR PRIVACY NOTICE

Company Number 4406587
Registered in England and Wales
Data Protection Registration Number ZA302604