A review of cloud computing services in the Commerce Department found missing clauses in contractors’ agreements to permit reviews of their facilities and operations, as well as lack of compliance with federal security standards.
In examining a sample of cloud service contracts from three bureaus, the department’s inspector general found that four did not contain a specific Commerce Department clause that would allow its investigators access to the provider’s facilities, installations, operations, documentation, databases and personnel that would be used to perform such services. As a result, the IG would not be able to conduct inspections, investigations, audits and other reviews.
Additionally, one contract did not contain a Federal Acquisition Regulation (FAR) clause that would permit the agency access to a service provider’s installations, documentation, records and databases, which is needed to make sure that government data remains secure and confidential, according to an IG memo dated Oct. 14, 2014.
Keep reading this article at: http://www.fiercegovernmentit.com/story/commerce-ig-cloud-service-contracts-lack-needed-clauses-security-standards/2014-10-20