Incorporating your company's incident response plan into its cloud computing contract

Financier Worldwide Magazine
June 2016
In this article, John Eustice discusses how companies can get a head start on cyber attack incident response by incorporating aspects of their incident response plans in their contracts with cloud computing providers. "All companies need to prioritise the drafting, implementing and testing of a cyber incident response plan," Eustice said. After a cyber attack, "both the company and the cloud provider must be able to work together to respond and reduce threats going forward." There are at least three opportunities to improve incident response when drafting cloud computing contracts -- companies should be sure to include provisions regarding communication and the timing of communication after a data breach; provisions relating to investigations into the cause of the breach; and provisions requiring the documentation and communication of steps taken in response to a breach.
Related Files
Related Links