Page 23 - QDigitz
Q!Digitz Vol 1 Aug 2019
Reviewing the GRC of the CSP. If possible,
reports on risk assessment, controls and
their monitoring should be presented to the
bank by the CSP periodically.
Reviewing whether the Bank has analysed the
forensic data it needs to collect, and
whether this, along with the capture process,
is agreed with the CSP. This is crucial from
the legal aspect.
Termination and Exit Clauses: The auditor needs to
review the contract to understand the agreement
between the Bank and the CSP in case of termination
and closure. Such an event could occur in multiple
cases, such as the CSP closing operations, a dispute
with the CSP, or transferring operations to a
competitor CSP.
No image or data is withheld by the CSP and
used as a bargaining chip.
Clear and well-established policies are
defined and agreed should such a scenario
arise.
Legal implications and penalty clauses in the
contract for misuse of residual data by the CSP.
The thoughts given above are a way of making
compliance practices stronger and deriving
meaningful outcomes from the audits performed in
the cloud.
DigitQ.in