Does your company maintain a disaster recovery plan?
Does your company maintain a business continuity plan?
How often do you test your plans?
Do you have technical control capabilities to enforce tenant data retention policies?
Do you have a documented procedure for responding to requests for tenant data from governments or third parties?
Have you implemented backup or redundancy mechanisms to ensure compliance with regulatory, statutory, contractual or business requirements?
Do you test your backup or redundancy mechanisms at least annually?
Do you make standards-based information security metrics (CSA, CAMM, etc.) available to your tenants?
Do you provide customers with ongoing visibility and reporting of your SLA performance?
Does your cloud solution include software/provider independent restore and recovery capabilities?