Cloud Stewardship Economics Survey

Your responses to this survey will be used in research that will influence the policy discussion in the area of Cloud Computing. We would like to thank you for taking the time to fill the survey in.

Background Information - All responses are anonymous

How happy are you with your IT?

Very Happy

Mostly Happy

Somewhat Happy

neither happy nor unhappy

Somewhat Unhappy

Mostly Unhappy

Very Unhappy

Do you have a fixed frequency for IT investment?

Yes

How often on average do you invest in IT

Monthly

Quarterly

Half-yearly

Yearly

Once every 2-3 years

Over 3 years

Do you consider outsourcing IT as a single function or do you distinguish for different application or business functions?

Yes

How old is your business?

1-5 years

6-10 years

Over 10 years

How many employees do you have?

Under 5

6 - 25

26 - 100

101 - 500

Over 500

What is your annual turnover?

Under £100K

£101K - £500K

£501K - £1M

£1M - £5M

Over £5M

How many locations do you use?

2-5

Over 5

Are your locations across national borders?

Yes

Are some of your locations outside the EU/EEA?

Yes

Information Security Handling

Do you hold information that would be considered commercially sensitive by you?

Yes

Do you hold, access or process information that your customers would consider commercially sensitive?

Yes

Have you ever assessed the impact a breach of confidentiality and/or availability would have on your businesses cash flow, profitability and reputation?

Yes

Which of the Following do you have Documented Within Your Organisation?

Do you have an information security policy?

Yes

Do you have a business continuity policy/plan?

Yes

Do you have a policy for choosing and engaging with third party suppliers?

Yes

Responsibilities

Who is accountable to customers, the legal system, regulators or any other third party outside of the business, should there be a breach of information security?

Managing Director / Chief Executive /Business Owner

Internal Manager

External Resource

Who within your business is responsible for understanding and managing the information security risks which may exist when outsourcing business processes or systems?

Managing Director / Chief Executive /Business Owner

Internal Manager

External Resource

How confident are you that you would know what questions to ask suppliers about their management of information security risks regarding your data or systems.

Extremely confident

Confident

Somewhat Confident

Not too Confident

Not at all confident

Supply Chain Risk Management and Information Assurance

If there was a breach of your businesses information confidentiality as a result of your suppliers' poor information security practices would you be prepared to invest the time and money to pursue them in a court of law?

Yes

On a scale of 1 - 5 (1 being most important, 5 being least) how would you rate the following impacts on your business resulting from a breach of information confidentiality and/or service delivery:

Do you assess what information security risks may exist when outsourcing a business process, system or engaging a third party supplier?

Yes

As you answered No, please identify a reason from the following:

My information is not vital to our main revenue processes

I do not know how to verify best practice

Price is currently more important than potential security breaches.

The only supplier of the critical service I require does not provide such assurances

As you answered Yes, would it be because of any of the following reasons?

The business need would outweigh the information security risks.

You would have reason to doubt whether other suppliers could provide adequate evidence of their management of information security risks.

You doubt whether a regulator would pursue a small business for a breach of statutory or industry regulations.

Which of the following threats would you consider to be MOST important when looking to understand the risk when outsourcing a business process to a third party supplier?

Service delivery/resilience/continuity

Contractual obligations with customers

Information confidentiality

Legal system which governs your relationship with your supplier

Information system security

Contract termination including the deletion and/or return of all information exchanged as part of the busienss relationship.

Legal & regulatory obligations

What evidence of how a supplier manages risks to your information or information systems whilst in their possession do you look for?
	Important/Critical	Considered/Secondary Importance	Not Important
Terms & conditions of supply
Data protection clauses
Other data security clauses
Termination of contract
Data retention policy
Jurisdiction Clauses
Technology deployed
Information and/or IT security standards implemented by supplier
Right to audit a supplier
We don't look for such evidence

If a 3rd party supplier couldn't prove that they were following information security best practice would you still be prepared to do business with them?

Yes

Yes, but on the condition that they will implement information security best practice

If a supplier provided a demonstrably more secure service at a premium price would you be inclined to upgrade?

Yes

Are you using any external software services, sometimes called SaaS (software as a service) to help you deliver your business?

Yes

As you answered yes, what part of the business is using this:

Sales

Finance

Project Management

Marketing

Operations

Are you using any external IT hosting services, sometimes called IaaS (Infrastructure as a service) to host, support and maintain your IT infrastructure?

Yes

Cloud Services that You are Using

Are you currently using a Customer Relationship Management service provided via a web interface?

Yes

Are you using any externally hosted and maintained software, sometimes called software as a service (SaaS) to help support or deliver business processes. For example HR, payroll, sales and accounts.

Yes

Are you using any externally IT hosting services, sometimes called (IaaS) infrastructure as a service to host, support and maintain your IT infrastructure?

Yes

Many Thanks For Your Time

Please note down this password (case sensitive) for accessing the Cloud Migration Security document Cloud Document Password: xw345fty