Technology: Navigating compliance standards in the clouds

What certifications or compliance standards should legal counsel be looking for when evaluating and selecting a cloud services provider?

SOX, PCI, HIPAA, SSAE 16, SOC-2, ISO 27002, NIST... What certifications or compliance standards should legal counsel be looking for when assisting companies in evaluating and selecting a cloud services provider?

In today’s cloud environment, responsibility for security is often shared between the cloud user and the cloud services provider (CSP). Cloud security is new, different and often more complex than managing information security in a user-controlled environment. What makes IT controls in the cloud different from other controls is the nature of the cloud, where a failure in controls can instantly impact the entire organization and its operations and quickly compromise a company’s entire regulatory compliance program. According to the Cloud Security Alliance, lack of security control transparency is a leading inhibitor to the adoption of cloud services.

Contributing Author

Janet A. Stiven

Janet A. Stiven is the vice president & general counsel of The Moody Bible Institute of Chicago.
