Cybersecurity Cloud Assessment for Restricted Data
If you are planning to have restricted data in a cloud account, please request a Cybersecurity assessment. (Not sure? Check out Data Elements Allowed in Public Cloud Platform.)
Log into OneTrust, select a “Cybersecurity Risk Assessment Request”, and select Public Cloud in question 2.1.
Information you will want to gather to prepare for your cybersecurity assessment:
- Identify any technical and/or security contacts within your department that you will want the assessment to be shared with. They should be included in the risk assessment request. Please provide name, email address and phone number.
- What classification of data you are using, including which data elements
- For research projects, an IRB# or RSP# if applicable (we will leverage already created data workflow documentation to prevent duplicate effort on the part of researchers)
- Whether data will be stored in the cloud account, and if it will also be stored elsewhere (e.g. on-premises storage)
- Which cloud platform and which service(s) you will be using within it. Please review Cloud Platform Eligibility for Sensitive and Restricted Data and confirm those services are considered HIPAA eligible.
- Anything else you would like to share with the public cloud team and Cybersecurity (e.g. architecture diagrams, system documentation)
In preparation for the assessment, the public cloud team is happy to assist you with service eligibility & potential architectural approaches. This assessment should be fairly straightforward for typical projects, but the time required for this assessment will vary based on data risk and desired architecture.