Last week I introduced two InterPARES Trust checklists designed to help individuals and organizations evaluate different aspects of their cloud services. Today I invite you to look at a third checklist that can be used alone or in conjunction with the other two.
This Checklist is designed to offer guidance for individuals, businesses, government agencies or other organizations to assess the security and ongoing trustworthiness (i.e. authenticity, reliability, and accuracy) of their data when stored in an Infrastructure-as-a-Service (IaaS) platform. It is the result of a study in the international InterPARES Trust research project, Ensuring Trust in Storage in Infrastructure-as-a-Service (EU08). The goal of the study was to establish the minimum amount of information necessary to support users’ trust in an IaaS provider and also position the provider as a trusted service provider.
To better understand the implication of issues of trust in cloud services the research team created a questionnaire, which was used during the collection of data for analysis of the Croatian cloud service providers offering Infrastructure-as-a-Service (IaaS). The questionnaire became the basis for the Checklist.
The checklist consists of 36 questions divided into 10 categories:
- General information (4 questions),
- Governance (4 questions),
- Compliance (4 questions),
- Trust (5 questions),
- Architecture (6 question),
- Identity and Access Management (1 question),
- Software Isolation (2 questions),
- Data Protection (5 questions),
- Availability (2 questions),
- Incident Response (3 questions).
This checklist can be used by records managers and archivists when assessing a CSP offering IaaS as well as by CSPs as a guideline for providing online information about their service. It is made available through a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License.
If these Checklists are useful to you, we would love to hear from you! Send you comments and suggestions. The research teams will consider all feedback.