(2014-04-28 9:36 PM)
Scott,Cloud isn't the problem. As long as there are atubdaile records of the security your cloud provider users, and adequate documentation of the controls in place, there should be no issue. I have no issues with ours, and we've been doing this since the service bureau days. Auditors, in my experience, want to make sure that any system uses the proper security controls and methods, cloud or not, and that the right agreements are in place.If your auditors are going to be wary of cloud, they should be more wary of Iron Mountain or Scantek. That would make more sense.