Appendix

Cloud Computing Audit Checklist

Jeff Fenton

This appendix contains a high-level audit checklist based on selected key points introduced throughout the book. More detail on each aspect here can be found in the corresponding chapters.

Cloud-Based IT Audit Process (Chapter 2)

- Has the organization applied overall risk management governance to the cloud-provided services? Have relevant risks been identified and treated, including the consideration of insurance where appropriate?

- Has legal counsel been engaged to evaluate provider contracts and address data protection, confidentiality, and intellectual property issues? Have issues such as source code escrow for provided applications been addressed? What if there is a change in control of the cloud provider?

- When an existing, internally hosted system is moved to the cloud, have the controls that were provided internally but are not provided in the cloud been identified? When the system was developed internally and is later moved to the cloud, which controls did developers assume or develop that are not provided in the cloud?

- How ...
