Cloud Service Provider Security Assessment Template
Provider Information
Cloud Provider Name
Contact Person
Email
Service(s) Assessed
Certification & Compliance
Standard/Framework
Certified?
Comments
ISO 27001
Yes
No
SOC 2
Yes
No
GDPR
Yes
No
Other
Security Controls
Control Area
Implemented?
Details
Data Encryption (at rest & in transit)
Yes
No
Identity & Access Management
Yes
No
Vulnerability Management
Yes
No
Incident Response
Yes
No
Physical Security
Yes
No
Other
Data Management
Data Location(s)
Data Retention Policy
Data Deletion Process
Subcontractors / Third-Party Services
List of Subcontractors or Third-Party Services Used
Third Party Risk Management Approaches
Other Comments / Notes