CHAPTER 14Auditing Cloud Computing and Outsourced Operations
In this chapter, we will discuss key controls to look for when you are auditing IT operations that have been outsourced to external companies, including the following:
• Definitions of cloud computing and other forms of IT outsourcing
• SAS 70 reports
• Vendor selection controls
• Items to include in vendor contracts
• Data security requirements
• Operational concerns
• Legal concerns and regulatory compliance
Background
The concept of outsourcing IT operations to external service providers is not a new one. Companies have been implementing this concept for years, from hosting their applications via an application service provider (ASP), to storing their computer equipment in a co-location ...
Get IT Auditing Using Controls to Protect Information Assets, 2nd Edition, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
