When to assess the risks of using a public cloud service
You need to assess risks when looking for or starting to use services — and when there are significant changes or new risks.
Looking for or starting to use services
Risk assessments must be done when adopting:
- all-of-government agreements
- Marketplace contracts
- individual services — including free trials
- contract renewals.
Ways to buy public cloud services
Significant changes to your services
You may need to re-assess the risks to your information if either your organisation or the service provider has, for example, new:
- terms and conditions — this may require renegotiating or cancelling the service
- changes to the information being stored or managed by the public cloud service
- or modified purposes for using the service.
Help with negotiating contracts for public cloud services
Government organisations should be regularly monitoring and reviewing risks and security controls. These reviews might reveal concerns that require re-assessing the risks to your information in a public cloud service.
Monitor and review risks to information systems
Next step — assess the risks
Assess the risks of using a public cloud service
Utility links and page information