Connecticut



Request for Approval of Cloud Services

Agency Name:
Business Owner:
Proposed Solution:
Briefly describe the business case:
Briefly describe how the data will be handled:

Does the data being hosted need to comply with federal information security law (e.g., HIPAA, PCI, PII, FTA, CJIS, FERPA, etc.)? If so, how does the vendor meet or exceed those requirements?

Will the cloud service be required to process, transmit and/or store any data that is federally regulated?

Will the cloud service be required to process, transmit and/or store any data that is considered by the state and/or your agency to be confidential, classified, sensitive or otherwise controlled?

Is any of the data stored in the system subject to FOI or legal hold? If so, what mechanisms are in place that will allow you to satisfy these needs?

Has your agency classified the data you anticipate that the cloud service will transmit and/or store in accordance with state IT Policy?

What mechanisms does the vendor offer, if any, to assist the state in migrating data off their solution in the event that your agency desires to terminate your relationship with the vendor?

Does the vendor run their own data center or do they rely on the use of a separate cloud services provider (e.g., Amazon Web Services, RackSpace, Microsoft Azure, etc.)?

Where will the data reside, geographically? This includes not only any primary data centers, but any other data centers that may provide replication and/or failover support.

If the vendor does not provide service resiliency by means of physically separate data centers or failover environments, how does the vendor meet your agency’s business continuity goals (availability, time to recovery, etc.) for the solution you seek to use?

Does the vendor allow employees and/or subcontractors to access customer data? If so, in what cases is this allowed and how does the vendor monitor this activity for appropriateness?

Legal and Procurement Review

Prior to moving forward with an official procurement of any off-premises, third-party service provider, your agency will need to meet with DAS Contracts and Procurement for a review of the vendor’s terms and conditions and to make sure that you have the appropriate procurement authority in place.

Please note that DAS Contracts may need to work with the vendor’s legal team to address any issues and/or if modifications are needed to the terms and conditions.

Have you met with DAS Contracts to review this procurement and the vendor’s Terms and Conditions and legal compliance with state law? If so, what was the outcome of that review?

Have you met with DAS Procurement to review your needs and to determine the most appropriate purchasing authority? If so, what was the outcome of that review?

Security Considerations

Is secure (authenticated) access required? If so, how is user authentication and authorization handled? Who is responsible for administering end-user security?

How many individuals in your agency need access to the system?
Administrators:
Agency Users:
Other Executive Branch Users:
Non-Executive Branch Users:
External Business Partners:
External Users:

Does your solution require multifactor authentication? If so, can the vendor support that requirement?

How does the vendor secure and protect state data? How does the vendor handle breach identification and notification (C.G.S. § 4e-70)?

Technology Considerations

If your agency isn’t able to answer these questions directly, please reach out to DAS/BEST and we can schedule time to meet with you and the vendor to discuss the questions in this section. Depending on the answers to the questions below, DAS/BEST may recommend that a formal collaborative design session be scheduled with the agency, DAS/BEST and the vendor.

Does the use of this solution require any integration with existing state and/or agency technology platforms? If so, identify those platforms and the integration needed.

Will the vendor’s solution need to send outbound emails in the context of any business transactions? This would mean that any business emails sent by the solution would use the state’s “@” email domain.

If integration needs between the vendor’s solution and the state were identified above, have you reviewed these needs with the various platform owners to ensure that the required integrations can be successfully achieved?

Does the solution require any vendor appliances and/or software to be installed on state or agency systems? If so, please describe.

What are the vendor’s obligations to you if they miss their service levels or availability commitments?

How does the vendor communicate to their customers on outages?

How does the vendor communicate to their customers on routine maintenance that may impact availability?

Other Considerations

Please describe what alternatives you considered and why those were ruled out.

If the requirements for implementing this system require the support of DAS/BEST that cannot be met within our existing appropriations and/or staffing levels, is your agency willing and able to provide the necessary level of funding to allow DAS/BEST to meet those requirements?

If the requirements for implementing this system require the acquisition of hardware, software, or other infrastructure components, is your agency willing and able to provide the necessary level of funding to cover the cost of procurement?

As part of this acquisition, is your agency receiving any external funding support (e.g., grants, federal financial participation, etc.) ...