Fact is that customers have a legitimate need to reserve a right to audit the cloud service provider’s compliance measures. But, it is also a fact that the service provider may not let customers into its data centers or systems because that would impair the security of other customers’ data. Also, individual audits would be unnecessarily disruptive and costly. As a compromise, cloud service providers can arrange for routine, comprehensive audits of their systems by a generally accepted audit firm and make the results available to all customers. If customers demand additional topics on the audit list, providers may want to expand the scope of the next scheduled audit (usually at the customers’ cost) provided the additional controls are reasonable.

Author

Lothar has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto.