CHAPTER 16

Auditing Cloud Computing and Outsourced Operations

In this chapter, we will discuss key controls to look for when you are auditing IT operations that have been outsourced to external companies, including the following:

•   Definitions of cloud computing and other forms of IT outsourcing

•   Third-party attestations and certifications, such as ISO 27001

•   Vendor selection controls

•   Items to include in vendor contracts

•   Data security requirements

•   Operational concerns

•   Legal concerns and regulatory compliance

Background

The concept of outsourcing IT operations to external service providers is not a new one. Companies have been implementing this concept for years, from hosting their applications via an application service ...

Get IT Auditing Using Controls to Protect Information Assets, Third Edition, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.