The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
Featured on the ACEDS blog.
Follow me on Twitter and see How-To Videos on my YouTube channel.
New tips for paralegals and litigation support profesionals are posted to this site each night. Click on the blog headings for better detail.
The UK's G-Cloud programme is a digital marketplace where British government agencies can acquire cloud computing services. The UK has a 'cloud first' policy which requires that agencies purchase cloud based IT services, unless the alternatives are cheaper. The current framework agreement, G-Cloud 11, bans providers from disclosing confidential information without written consent, and information can only be disclosed to the cloud service provider's staff to the extent that it is necessary under the agreement. The supplier has to notify the government agency about security breaches immediately. Unless the law provides otherwise, data has to be deleted 7 years after the framework contract ends. The framework includes a separate schedule addressing the processing of data.
Providers listed on the G-Cloud are not required to have a specific cyber security certification, but the National Cyber Security Centre's Cyber Essentials Certification is recommended. This advises organizations to use a firewall; two factor authentication; Windows Defender to protect against malware; whitelisting (having an admin restrict installed applications to a pre-approved list); and use applications that allow for sandboxing - or the running of the software in an isolated environment with limited access to network data.