Cybersecurity Cloud Assessment for Restricted Data

If you are planning to have restricted data in a cloud account, please request a Cybersecurity assessment.   (Not sure?   check out Data Elements Allowed in Public Cloud Platform )

Log into OneTrust select a “Cybersecurity Risk Assessment Request”, and select Public Cloud in question 2.1:

OneTrust assessment type image

Information you will want to gather to prepare for your cybersecurity assessment:
  • Identify any technical and / or security contacts within your department that you will want the assessment to be shared with. They should be included in the risk assessment request.   Please provide name, email address and phone number.
  • What classification of data you are using, including which data elements
  • For research projects, an IRB# or RSP# if applicable
  • Whether data will be stored in the cloud account, and if it will also be stored elsewhere (e.g. on premise storage)
  • Which cloud platform and which service(s) you will be using within it.   Please review Cloud Platform Eligibility for Restricted Data and confirm those services are considered HIPAA eligible.
  • Anything else you would like to share with the public cloud team and Cybersecurity (e.g. architecture diagrams, system documentation)

In preparation for the assessment, the public cloud team is happy to assist you with service eligibility & potential architectural approaches.   This assessment should be fairly straightforward for typical projects, but the time required for this assessment will vary based on data risk and desired architecture.   

See Also:

Commonly Referenced Docs:

UW Madison Public Cloud Team Events
Online Learning Classes for Cloud Vendors
What Data Elements are allowed in the Public Cloud




Keywords:google gcp data elements classification restricted sensitive internal public security baa aws amazon Microsoft Azure   Doc ID:110948
Owner:Chris L.Group:Public Cloud
Created:2021-05-21 09:06 CDTUpdated:2021-07-09 14:00 CDT
Sites:Public Cloud
Feedback:  1   1