Thursday, December 30, 2010

What questions (non-financial) should I ask a Cloud provider?

1. Number of years in service?
2. Number of subscribers?
3. Number of users?
4. Min number of users per subscriber?
5. Max number of users per subscriber?
6. Average number of users per subscriber?
7. Geographic spread of subscribers?
8. Modes by which the Cloud service can be accessed (browser, handheld device such as a mobile phone, and which ones)?
9. Does the app have an offline client?
10. Browser compatibility
11. List of business processes affected
12. Severity of the effect on each business process (just touched, requires change, needs complete change)?
13. How does it integrate with existing business systems: batch or real-time, synchronous or asynchronous, and on which technology/platform?
14. Do employees need training?
15. Does the Cloud service affect master data?
16. How to integrate with Single Sign On (SSO)?
17. Will the proposed cloud service capture any sensitive information (trade secrets, patents, customer data, etc.)?
18. What are the bandwidth requirements of proposed Cloud?
19. Does the proposed Cloud service have SSL support?
20. Does the Cloud provider periodically share the results of external penetration tests and internal network security audits with you?
21. Does provider have a documented policy for "hardening" the OS under Web and other servers?
22. Does provider have a documented set of controls to separate data and security information among customer applications?
23. Does provider perform background checks on personnel with administrative access to servers and applications?
24. Does the provider have a documented process for handling security alerts from IT partners?
25. What are the procedures for business continuity and disaster recovery?
26. Does the provider certify the security of scripts and integration code, and have documented procedures for installing security patches?
27. Does the provider offer application- or transaction-based intrusion-detection services?
28. Does the provider have documented identity management and help desk procedures?
29. What percentage of security staff has security industry certification?
30. What is the average experience of provider's security staff in information and network security?
31. What is the provider's operational model: (a) self hosting, (b) co-location, (c) managed hosting, or (d) cloud computing?
32. Is the provider's data center N + 1 for power?
33. What tier is the provider's data facility: Tier III or Tier IV?
34. Is the provider's data center certified SAS 70 Type II or Type I?
35. How many data centers does the provider have?
36. Which data centers will be used to serve the application?
37. Is there a DR plan if a data center becomes unavailable?
38. Does the provider use at least 3 ISPs? Who are they?
39. Can a private connection to my enterprise WAN be provided?
40. Does the provider have network redundancy? How is this achieved?
41. How is network latency mitigated?
42. Can the provider provide location-specific SLAs measured by a third-party benchmarking service?
43. What hardware and software components are provided by the provider?
44. Are provider servers dedicated or shared? If shared, by what method?
45. Is infrastructure redundant? If so, how is this accomplished?
46. What is the backup and retention schedule?
47. What monitoring is done, at what interval, and what reports are available to review?
48. Is there staff 24/7? If not, what hours is staff available?
49. What are the provider's change management, patch management and upgrade policies and procedures?
50. What are the downtime notification policies (i.e. is advance notification given, and how much)?
51. Will a staging server/staging sand box be available for testing prior to production deployment?
52. Does the provider have a sandbox for development?
53. How are security alerts handled? What are the security policies?
54. Do you have clear Service Level Agreements (SLAs) established with the service provider?
55. What kind of system monitoring is provided by the service provider?
56. What kind of help-desk support is available?
57. What are the change management processes available from the service provider?
58. Does the service provider provide you a staging environment to test changes before they are promoted to production?
59. Will the service provider support full recovery of data and rule customizations on contract termination?
60. What APIs are exposed by the service provider to develop applications on the cloud?
61. What APIs are exposed by the service provider to deploy applications on the cloud?
62. Does my enterprise need new licenses for app servers, databases or any other applications to be deployed on the cloud?
63. How much time is needed to set up a proof of concept or trial demo?
64. How can the offering be customized?
65. Industry references?
66. Historical records of service availability?