|
|
| Line 1: |
Line 1: |
| Here we provide a concise listing of 18 questions your organization should be asking any cloud providers being considered for your cloud project. (A broader list of questions is discussed in the next subsection about RFIs.) As part of the discovery phase of your formal cloud project, some of these questions may have been asked prior, but many of them will likely not have been addressed in prior discussions. Most of these questions have already been addressed in prior sections of this guide, but a "shopping list" is always handy, yes? Like the prior list, the ordering here means little, aside from perhaps an attempt at semi-logical progression from introduction to the provider to wrapping up agreements.<ref name="APHLBreaking17">{{cite web |url=https://www.aphl.org/aboutAPHL/publications/Documents/INFO-2017Jun-Cloud-Computing.pdf |format=PDF |title=Breaking Through the Cloud: A Laboratory Guide to Cloud Computing |author=Association of Public Health Laboratories |publisher=Association of Public Health Laboratories |date=2017 |accessdate=21 August 2021}}</ref><ref name="IFAhelp20">{{cite web |url=https://www.mynewlab.com/blog/a-helpful-guide-to-cloud-computing-in-a-laboratory/ |title=A Helpful Guide to Cloud Computing in a Laboratory |work=InterFocus Blog |publisher=InterFocus Ltd |date=05 October 2020 |accessdate=21 August 2021}}</ref><ref name="EusticeUnder18">{{cite web |url=https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing |title=Understand the intersection between data privacy laws and cloud computing |author=Eustice, J.C. |work=Legal Technology, Products, and Services |publisher=Thomson Reuters |date=2018 |accessdate=21 August 2021}}</ref><ref name="WardCloud19">{{cite web |url=https://www.labmanager.com/business-management/cloud-computing-for-the-laboratory-736 |title=Cloud Computing for the Laboratory: Using data in the cloud - What it means for data security |author=Ward, S. |work=Lab Manager |date=09 October 2019 |accessdate=21 August 2021}}</ref><ref name="LBMCNine21">{{cite web |url=https://www.lbmc.com/blog/questions-cloud-service-providers/ |title=Nine Due Diligence Questions to Ask Cloud Service Providers |author=LBMC |work=LBMC Blog |date=24 February 2021 |accessdate=21 August 2021}}</ref><ref name="TRThree21">{{cite web |url=https://legal.thomsonreuters.com/blog/3-questions-you-need-to-ask-your-cloud-vendors/ |title=Three questions you need to ask your cloud vendors |author=Thomson Reuters |work=Thomson Reuters Legal Blog |date=03 March 2021 |accessdate=21 August 2021}}</ref>
| | ==Citation information for this chapter== |
| | '''Chapter''': 6. Considerations when choosing and implementing a cloud solution |
|
| |
|
| # What experience do you have working with laboratory customers in our specific industry?
| | '''Title''': ''Choosing and Implementing a Cloud-based Service for Your Laboratory'' |
| # Can your solution readily integrate with our other systems and business processes, making it easier for our end users to perform their tasks?
| |
| # What is the average total historical downtime for the service(s) we're interested in?
| |
| # Do we receive comprehensive downtime support in the case of downtime?
| |
| # Where are your servers located, and how is data securely transferred to and from those servers?
| |
| # Who will have access to our data (including subcontractors), and what credentials, certifications, and compliance training do they have?
| |
| # Will our sensitive and regulated data be stored on a machine dedicated to complying with the necessary regulations?
| |
| # How segregated is our cloud data from another customer's, i.e., will lapses of security of another customer's cloud affect our cloud? (It typically won't, but asking the question will hopefully prompt the provider to better explain how your data is segregated.)
| |
| # Do you have documented data security policies?
| |
| # How do you test your platform's security?
| |
| # What are your policies for security audits, intrusion detection, and intrusion reporting?
| |
| # What data logging information is kept and acted upon in relation to our data?
| |
| # How thorough are those logs and can we audit them on-demand?
| |
| # For HIPAA-eligible data (e-PHI) we may have, will you sign a business associate agreement?
| |
| # What happens to our data should the contract expire or be terminated?
| |
| # What happens to our data should you go out of business or suffer a catastrophic event?
| |
| # Can we use your interface to extract our data when we want, and in what format will it be?
| |
| # Are your support services native or outsourced/offshored?
| |
|
| |
|
| ==References==
| | '''Edition''': First edition |
| {{Reflist|colwidth=30em}}
| | |
| | '''Author for citation''': Shawn E. Douglas |
| | |
| | '''License for content''': [https://creativecommons.org/licenses/by-sa/4.0/ Creative Commons Attribution-ShareAlike 4.0 International] |
| | |
| | '''Publication date''': August 2021 |
