The European Banking Authority (EBA) has published final guidance for the use of cloud service providers by EU financial institutions. The guidance becomes applicable as of 1 July 2018 and is addressed to credit institutions, investment firms and Member State competent authorities.
The guidance clarifies EU supervisory expectations if institutions intend to adopt cloud computing, so as to allow them to leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed.
The guidance covers five key areas:
- the security of data and systems;
- the location of data and data processing;
- access and audit rights;
- chain outsourcing; and
- contingency plans and exit strategies.
View EBA issues guidance for the use of cloud service providers by financial institutions, 20 December 2017