- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Will the service provider meet any of your data breach notification requirements? (Remember: even though you are hosting with a provider, you remain responsible for the data under your protection, e.g. PHI, PII, etc.)
- Will the provider meet data retention requirements of the business?
- Will the provider meet the standards for data encryption and protection you require? Are “Safe Harbor” needs met?
- Is data destruction or return at the end of the contract well defined to meet your business requirements?
- What is their incident management program?
- Are they prepared to react in a timely fashion to any eDiscovery needs for data they store for you?
- Are the RPOs and RTOs consistent with the business’ requirements?