Cloud Security Risk Assessment Questionnaire
1. General Information
Company/Project Name
Contact Person
Email
Cloud Service Provider
Assessment Date
2. Data Protection
What types of data are stored in the cloud?
Is data encrypted at rest?
Yes
No
Is data encrypted in transit?
Yes
No
Where is your cloud data physically located?
3. Access Control
How are user roles and permissions managed?
Is Multi-Factor Authentication (MFA) implemented?
Yes
No
Are third parties granted access to the environment?
4. Security Monitoring
Is security monitoring/logging enabled?
Yes
No
Is there an incident response plan?
5. Compliance and Policies
Which regulatory requirements must be met? (e.g., GDPR, HIPAA)
Is there a documented cloud security policy?
6. Additional Concerns / Comments
Please specify any other cloud security concerns or comments