Project info:

Performed multiple risk assessments to evaluate external cloud applications and services (SaaS, IaaS, PaaS, etc.) for a regulated financial institution.
This initiative aimed to establish a systematic due diligence process before any vendor selection or migration of company data off premises.

The core activity of the mission involved performing in-depth investigations with potential cloud service providers to rigorously assess whether their information security, data handling practices, and overall operational resilience met the institution’s minimum requirements and regulatory obligations.

Key areas covered during these risk assessments included:

  • Vendor certifications and compliance attestations
  • Infrastructure architecture and security controls
  • Data backup and Disaster Recovery procedures (including evidence of successful testing)
  • Technology stack details
  • Authentication and authorization mechanisms
  • Reporting and monitoring capabilities
  • Incident management processes
  • Data residency and location specifics
  • Detailed cost structures and feature pricing

This framework provided essential governance, enabling informed, risk-based decisions regarding cloud adoption and ensuring external services were utilized securely and compliantly.

  • Implemented by: Waythrough.eu
  • Completed on: 2019
  • Skills: Project Management / Infrastructure / Cloud / Security