| Assessment Item | Check | Notes |
|---|---|---|
| Cloud provider compliance certifications reviewed | ||
| Cloud data jurisdictions identified | ||
| Security policies aligned with organization standards |
| Assessment Item | Check | Notes |
|---|---|---|
| Multi-factor authentication enabled | ||
| Role-based access controls configured | ||
| Inactive accounts removed/disabled |
| Assessment Item | Check | Notes |
|---|---|---|
| Data encryption at rest | ||
| Data encryption in transit | ||
| Data backup and recovery implemented |
| Assessment Item | Check | Notes |
|---|---|---|
| Firewall and security group configuration reviewed | ||
| Virtual private cloud (VPC) implemented | ||
| Network segmentation controls |
| Assessment Item | Check | Notes |
|---|---|---|
| Centralized logging enabled | ||
| Alerting and monitoring in place | ||
| Incident response procedure defined |
| Assessment Item | Check | Notes |
|---|---|---|
| Disaster recovery plan tested | ||
| Third-party integrations security reviewed | ||
| Ongoing training and awareness |