• That the contract or agreement for the solution requires the service provider to notify the College of data breaches immediately and in no less than 2 hours. • That the solution includes adequate controls at application and network layers based on industry best practices. • That the College as verified at least three references (urls) where the product has been implemented and has been in production for 12 months or more. • That the contract or agreement for the solution requires a minimum of six months’ advance notice of termination to CCAC by the vendor. • That the contract or agreement for the solution requires the vendor to notify the College in the event that it files for bankruptcy protection before or during the contract period with CCAC, or otherwise makes an assignment of its rights under the contract for the benefit of its creditors. • That the contract or agreement for the solution requires the vendor to notify the College within 30 days in the event of a planned merger and requires it to provide tools for data migration and a technology road map for the merged entity. • That the contract or agreement for the solution includes adequate warranties against third party breaches, loss of access, and denials of service. It is recognized that contractual provisions, as described above, are subject to negotiation with the vendor and may not be commercially obtainable in every case. Exceptions to these requirements may therefore be made upon approval of the College’s Chief Information Officer and the General Counsel. A DDITIONAL R EFERENCES Board Policy II.06 – Legal Services and Review Board Policy V.02 – Contracts Administrative Regulation, Remote Access to CCAC Computer Networks CCAC Employee Manual CCAC ITS Procedures Gartner Resources • "Designing a Cloud Strategy Document" • "Decision Point for Application Placement: Cloud, Managed, Colocation or Do It Yourself" • "Decision Point for Selecting an Application's Cloud Migration Strategy" • "Analyzing the Role and Skills of the Cloud Architect" • "The Cloud Architect's Guide to Implementing Public Cloud Services" • "Key Services Differences Between AWS and Azure — Availability, Network, Compute and Storage" • "Hybrid Architectures for Cloud Computing" • "Building an IT Business Case for Public Cloud IaaS or PaaS" • "A Comprehensive List of Management Requirements for Organizations Using Public Cloud Services" • "Hosted Private Clouds: The Alternative to Building It Yourself" • "Evaluation Criteria for Cloud Infrastructure as a Service"
• "In-Depth Assessment of Amazon Web Services" • "In-Depth Assessment of Microsoft Azure IaaS"
154|Page
Made with FlippingBook Learn more on our blog