Cloud services provide significant benefits to individuals and organisations with increased solution choice, flexibility, scalability and faster time to solution.
However, challenges can arise without the appropriate checks and due diligence, which can lead to significant risks for the University including data security risks, data protection risks and contracts which are not fit for purpose.
The Cloud Governance group assess the cloud services that we choose to adopt within our organisation to ensure responsible cloud usage, compliance and risk management.
The Cloud Governance group review cloud services across three strands:
- IT and data security assessment to ensure that the service complies with UL’s IT Security policy and Acceptable Usage policy.
- Data protection assessment to ensure that the service complies with UL’s data protection policy.
- Legal and contractual assessment to ensure that the contracts are fit for purpose and that UL is adequately protected from a legal perspective.
In summary, cloud governance allows us to manage risk, ensure strategic alignment and harness the power of cloud in a controlled and compliant manner.
Cloud Governance Group
The Cloud Governance Group is made up of representatives from the University including the:
- Head of Enterprise Architecture (Chair)
- Directorate of ITD
- Enterprise Data Architect
- ITD Vendor Manager
- Data Protection Officer
- University Solicitor
- Other stakeholders as requested by the Chair from time to time to attend meetings of the committee for a specific period or project.***
How to contact the Cloud Governance Group
The Cloud Governance Group meets monthly to review and discuss cloud service proposals. The group can also be consulted for advice and guidance on existing and future use of industry cloud solutions to address business needs and may be able to provide details on services already in use within the University with similar capabilities.
UL Acceptable Usage Policy
IT Security Policy
