Compliance in the Cloud – their system, your responsibility
A recent article by Thomas Trappler on CIO.com discusses in some detail how businesses aren’t shedding any compliance risk by moving their computing to the cloud. Particularly in this area, consumers need to recognize that outsourcing certain functions doesn’t reduce or eliminate responsibility. On the contrary, it could make things a bit more difficult if you don’t keep close tabs on how your provider implements and is involved with your solution.
With compliance in the cloud, it’s their system, but your responsibility.
Here’s a brief excerpt of examples to whet your appetite…
“Requires financial organizations to enter into contracts with third parties that they share their customer information with (including cloud vendors) to ensure that the third party handles that information securely. Executives of those financial organizations can be held personally liable for failure to do so.
Defines specific security mandates and requirements for financial reporting to protect shareholders and the public from accounting errors and fraudulent practices. SOX dictates which records are to be stored and for how long and requires the data owner to know the location of the data in the cloud and to maintain control of it. Failure to comply can result in fines and/or imprisonment.”
Then go to the CIO.com article to read more. It is well worth the time and consideration.