173
1.3.3
Regulations for protecting the customer's data and the availability
of the application in the event of insolvency of the contractor, e.g.,
through preventive measures.
1.3.4
Sufficiently detailed description of the processes at the end of the
contract term: returning data, erasing data, termination of access,
final settlement, technical formats of the data transmission,
handover of the electronic keys, etc.
2
Cloud service delivery
List all essential information and necessary regulations important for
providing a Cloud service in this content area. In particular, these include all
information on the infrastructure used, service provision and its
implementation and on operations.
2.1
Rules concerning the infrastructure used
The following items must be taken into account, or stated in sufficient
detail:
2.1.1
Explicit listing of all datacentres to be used for the contracted
services. The legal consequences of the use of datacentres outside
of the EU legal framework should be made transparent.
2.1.2
Statement of how the datacentre will handle potential risks (for
example natural disasters, technical problems, crime, and human
errors) and what measures and processes are taken or used to
minimise possible consequences.
2.1.3
Detailed report regarding the availability of the infrastructure at
the datacentre, the connection to one or more Internet carriers, of
the management documents, emergencies and the availability of
back‐up power and cooling.
2.2
Rules concerning the content of the services
As an essential element of the contract, sufficient space must be dedicated
to a detailed description of the statement of work. The following items must
be taken into account, confirmed, or stated in the contract:
2.2.1
Sufficiently detailed description of the Cloud service itself and the
nature of the Cloud service, e.g. Infrastructure as a Service (IaaS)…