The Cloud Security and Compliance Assessment is part of our Planning Phase of our Service Methodology. It is based on the information discovered in our Cloud Strategy Workshop, Cloud Opportunity Assessment or similar levels and value of information obtained by other means. The primary function of the Cloud Security and Compliance Assessment is to help you understand your security posture, policies and compliance exposures.
The exact length of a particular Cloud Security and Compliance Assessment depends on the complexity of the environment and the specific security regulations and rules that apply. We estimate that length based on the information available from the Strategy Workshop or other sources along with a scoping call prior to submitting a bid for the engagement. Typically a Cloud Security and Compliance Assessment requires three to five days on site plus time spent remotely analyzing the results and preparing the final report.
The Cloud Security and Compliance Assessment is an on-site consulting engagement with the goal of examining and maintaining an organization’s security posture by identifying the potential data security risk(s) involved in moving targeted workloads to the Cloud.
The objectives of the this assessment service are:
Prior to the actual on-site visit, Purposeful Clouds collects all existing and pertinent information. This could be the Cloud Strategy and Workshop Report from a Cloud Strategy Workshop, the Cloud Opportunity Assessment Report from a Cloud Opportunity Assessment, or equivalent value information collected by other means. If this information is not readily available, that will impact the required length of the Cloud Security and Compliance Assessment engagement.
We also hold a Kick-off Call to establish the roles and responsibilities, logistics, schedules and high-level goals for the on-site visit.
The on-site session usually starts with:
The majority of the on-site visit is spent in small groups capturing the required information. For each of the targeted workloads:
Each mid-afternoon we have a quick review of what has been covered, what needs to be covered, and list any data collection issues so they can get addressed.
After the on-site visit, we analyze the information provided and prepare the deliverables. We may have a few specific questions which we will ask via a scheduled conference call.
This brief executive-level report covers the scope, approach, high-level findings and recommendations identified during the Assessment Service for the benefit of your senior management.
This comprehensive report has detail from the Assessment Service including:
We deliver a summary presentation highlighting the findings of the Assessment Service in a 1-2 hour on-line meeting about two weeks after the on-site visit.