Third Party Risk Management - Consultancy, Assessment & Advisory

Evaluating Cloud Risk for the Enterprise – An Updated Shared Assessments Guide

Shared AsseEvaluating Enterprise Cloud Risk - Shared Assessments Guidessments has released its updated guide to Evaluating Cloud Risk for the Enterprise. Using this Cloud Guide, risk managers can begin to evaluate specific areas of cloud risk, ask the right questions and ensure they get answers they understand.

Executive Summary

This Guide is the second iteration of the Evaluating Cloud Risk for the Enterprise, the first one having been published in 2010.

In the past seven years we have seen tremendous changes in technology, personnel and business practices. Cloud has now become the de facto industry model for providing a computing service. Mobile has become the most common model for accessing data. Cloud platforms are managing billions of Internet of Things (IoT) devices daily and new exciting developments are evolving, such as microservices, to allow previously unimaginable scalability and efficiencies.

This updated Guide is based on the combined experience of the hundreds of Shared Assessments members and peer organisations across all verticals who have successfully integrated cloud computing into their operations. Many of the Delta Cloud Controls have stood the test of time and some new controls have been added based on industry change and evolving technology.

This Guide fosters successful deployment and monitoring of cloud computing technologies by helping organisations and their risk managers better understand and evaluate the use of cloud computing enterprise-wide. Included are practical recommendations, questions to discuss with cloud providers, and lessons learned for control domains that are cloud-related. The recommendations and guidance in this document may be used in conjunction with the Shared Assessments Program Tools and resources, or may be selectively incorporated into other types of audits or assessments of environments containing cloud elements, such as the AICPA Service Organisation Control (SOC) or Statements on Standards for Attestation Engagements (SSAE).

Ultimately, this Cloud Guide targets audiences with varying levels of cloud expertise and knowledge. Cloud users may choose to read the document from start to finish, or read relevant sections, using it as a reference tool.

Download the full White Paper : Evaluating Cloud Risk for the Enterprise

Contact DVV Solutions

As a Shared Assessments program member and registered Assessment Firm we utilise industry-standard practices including Standardised Information Gathering (SIG) questionnaires and Agreed Upon Procedures (AUP) for onsite assessments. Learn more about how our experience and expertise can help improve your Third Party Risk Management program.

Contact Us: Complete our Contact Form

Call Us: 0161 476 8700


About Shared Assessments

As the trusted source in Third Party risk, the member-driven Shared Assessments Program has been setting the standard in Third Party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices, building resources that give all Third Party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments. For more information on Shared Assessments, please visit