Due Diligence Considerations for Lawyers Evaluating Cloud Computing Service Providers
The Legal Cloud Computing Association (LCCA) has developed standards for lawyers to consider when conducting due diligence of a cloud service provider (CSP) as required by Florida Bar Ethics Opinion 06-1 and 12-3.
The Florida Bar’s Standing Committee on Technology has annotated these standards with questions lawyers should ask their CSPs, and commentary on why the standard and questions are important. The Florida Bar takes no position on whether these standards define a lawyer’s ethical or legal obligations to meet their duties to adopt reasonable security safeguards to protect client information and personally identifiable information. The Committee, however, strongly encourages lawyers considering the adoption of cloud computing to review Florida Bar Ethics Opinion 06-1 and 12-3. Additionally, reliance on the proposed questions for CSPs alone is not recommended. The lawyer considering the use of the cloud should consult with an information security and cloud computing expert who can tailor these questions and identify additional issues when conducting due diligence of a cloud service provider. Finally, The Florida Bar Member Benefits website lists CSPs that have met most or all the LCCA’s standards.
PHYSICAL AND ENVIRONMENTAL MEASURES
DATA INTEGRITY MEASURES
USERS AND ACCESS CONTROL
- End User Authentication
- Addition or Suspension of a User
- Tracking
- Addition or Deletion of Data
- Retrieving Data
SERVICE AGREEMENT
VIEWS AND CONCLUSIONS EXPRESSED IN ARTICLES HEREIN ARE THOSE OF THE AUTHORS AND NOT NECESSARILY THOSE OF FLORIDA BAR STAFF, OFFICIALS, OR BOARD OF GOVERNORS OF THE FLORIDA BAR.