Summer Regulatory Summit eBook

First page Table of contents Previous page 231 Next page Last page

Additional Considerations

Control (Vendor Management) : o Has the Organization documented adequate policies pertaining to cloud computing vendors? Recommendation : o The Organization should document a Cloud Computing Policy to encompass approval of cloud vendors, due diligence requirements, monitoring, and security. Guidance: o FFIEC Joint Statement on Risk Management for Cloud Computing Services (April 2020) o Security in a Cloud Computing Environment (FFIEC)

© SBS CyberSecurity, LLC www.sbscyber.com

35

Made with FlippingBook Digital Publishing Software