38 ◾ Information Security Management Handbook
Appendix A: Cloud Computing Service Provider Risk Analysis
Questionnaire
1. Overview
a. Describe the cloud computing business services you will be providing.
b. Please provide a detailed description of how information will flow between the cloud
computing services and company (include any proposed network, system, and process
flow diagrams).
c. Will company data be stored or accessed by any offshore facility? If yes, please describe.
d. Briefly describe the security components of your cloud offering, including end-user
benefits.
e. What is your solution architecture, and how is security integrated into your cloud
offering?
f. How does your security offering help in either establishing or ...