4.3 Explain compliance frameworks and legal considerations, and their organizational impact.

Security concerns of integrating diverse industries

Data considerations

 Data sovereignty

 Data ownership

 Data classifications

 Data retention

 Data types

  Health
  Financial
  Intellectual property
  Personally identifiable information (PII)

 Data removal, destruction, and sanitization

Geographic considerations

 Location of data

 Location of data subject

 Location of cloud provider

Third-party attestation of compliance

Regulations, accreditations, and standards

 Payment Card Industry Data Security Standard (PCI DSS)

 General Data Protection Regulation (GDPR)

 International Organization for Standardization (ISO)

 Capability Maturity Model Integration (CMMI)

 National Institute of Standards and Technology (NIST)

 Children’s Online Privacy Protection Act (COPPA)

 Common Criteria

 Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)

 Due diligence

 Due care

 Export controls

 E-discovery

Contract and agreement types

 Service-level agreement (SLA)

 Master service agreement (MSA)

 Non-disclosure agreement (NDA)

 Memorandum of understanding (MOU)

 Interconnection security agreement (ISA)

 Operational-level agreement

 Privacy-level agreement