Seite 2 - Contract & Compliance

Date: 23/01/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev10
EuroCloud Star Audit Certificate
No.
I - Control Topic
II - Control Scope
III - Control Question
Star Rating
Audit Goal
A02-S01-C01-Q01
Adequate contract terms
Conclusion of contract
Are the contract elements accessible for the customer
before booking services?
***
Online reference or request procedure for clients
A02-S01-C01-Q02
Are all the relevant contractual elements included and
referenced – like the general terms and conditions, privacy
policies, security policies and others?
***
A main document (e.g. frame contract) which is clearly referenced, to
the offered Service according to the profile, is in place. All related
agreements are referenced and named in this document.
A02-S01-C01-Q03
Is it guaranteed that the customer is being notified of
contractual changes by the contractor?
****
The customer is involved in relevant changes which might impact his
own compliance requirements.
A02-S01-C01-Q04
Are all the contractor’s relevant terms and conditions
transferred into the subcontractor agreements?
****
Scoping on SLA, Data Privacy, Security and Support Services and identify
potential gaps between customer facing commitment and transfer of
obligations to subcontractor.
A02-S01-C02-Q01
Terms of cancellation
Is it possible to terminate a contract with just cause?
***
At least a standard clause to terminate the contract has to be outlined.
A02-S01-C02-Q02
Is there a list of possible reasons defined to terminate a
contract for both parties?
****
Clear specifications of contract termination options
A02-S01-C02-Q03
Is it contractually confirmed to provide advance notice of
changes to subcontractors who are providing a service?
****
Transparency about involved subcontractors
A02-S01-C02-Q04
Are there special termination rights for the customer in the
event of changes to subcontractors who are providing a
service?
*****
Entitle the customer to cancel the contract if he is uncomfortable with
the chosen new subcontractor.
A02-S02-C01-Q01
Rules for Data Management
Location of Data
Are the location, postal address and contact for the physi-
cal data hosting of the customer data clearly provided?
***
Customer must be able to provide evidence of data location for person-
al and financial data (if required by local regulation).
A02-S02-C01-Q02
Is it possible to limit the physical data hosting to a certain
region, country, physical address or judicial area if potential
multiple sites are in place?
****
By this it has to be granted, that no backups or recovery services are in-
clouded outside the specified region. This also implies to the service and
operations staff, which has to be located within the specified region.
A02-S02-C02-Q01
Data access by customer
In the case of dissent about the service delivery is it con-
firmed that the customer can access the data without any
constraints and that the service provider is still bound to
the data archiving requirements.
***
Give the customer the right to access his data in the case of unclear
payment balances or other contractual obligations. The service itself
can be interrupted.
A02-S02-C02-Q02
In the case of abnormal contract termination, is it con-
firmed that the contractor will not delete the data and
agrees to keep the customer specific archives?
*****
A guarantee of potential data recovery