IT Examiner School, Providence, RI

Ongoing Monitoring

• Personnel responsible for provider oversight should have the necessary expertise to assess the risks and should maintain suitable documentation.

• Management may use the oversight documentation when renegotiating contracts as well as developing contingency planning requirements.

Other Items to Consider

Does the vendor use the cloud?

• Cloud computing is becoming very common for our  institutions. Does the institution understand the risks when a  service provider utilizes a cloud solution?  • Private cloud:  A type of cloud computing that delivers  scalability and self‐service through a proprietary architecture.  A private cloud is dedicated to a single organization. • Public Cloud:  Often offered to the general public with a  variety of users.  Could create increased risk data loss or  breach.