IT Examiner School, Seaside, CA

Ongoing Monitoring

• Personnel responsible for provider oversight should have the necessary expertise to assess the risks and should maintain suitable documentation.

• Management may use the oversight documentation when renegotiating contracts as well as developing contingency planning requirements.

Other Items to Consider

Does the vendor use the cloud? • Cloud computing is becoming very common for our institutions. Does the institution understand the risks when a service provider utilizes a cloud solution? - Private cloud: A type of cloud computing that delivers scalability and self-service through a proprietary architecture. A private cloud is dedicated to a single organization. - Public Cloud: Often offered to the general public with a variety of users. Could create increased risk data loss or breach.