"Hembrow, Chris" <[email protected]> writes:

> Hi folks.
>
> I'm looking at Occupational Health systems for our business, which will hold
> potentially sensitive medical information on our employees. We are
> potentially looking at externally hosted solutions, and I'm trying to get an
> idea of what sort of things I should look to ensure are included in any
> contract.
>
> So far, all I can think of specifically is around ensuring an appropriate
> employee vetting process for the supplier's employees and the host's employees,
> ISO27001 for the hosts, and segregation of data from their other customers.
> I'll also push for encryption of data at rest.
>
> We're in the UK, and I'm not aware of any regulations which apply apart from
> the Data Protection Act.
>
> Thanks,
I won't pretend this is a complete answer, and I suppose such questions require responses that include the phrase "I am not a lawyer", but I noticed a recent Packet Pushers podcast on the topic at hand. I haven't gotten through it yet, but their content is usually well worth a listen.

http://packetpushers.net/show-55-questions-you-should-be-asking-your-cloud-provider/

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
