Cloud Services Due Diligence Checklist

Clearly identify your objectives and requirements before choosing a cloud service provider.

How to use the checklist

Microsoft created the Cloud Services Due Diligence Checklist, instructions, and worksheet to meet business needs with a standardized approach.

Photograph of person wearing headphones seated at a counter touching the screen of a laptop
Photograph of two people standing in a high-end factory space talking and pointing while one holds a Surface in tablet mode

Formalized service specifications

Once you know your objectives and requirements you can create formalized service specifications to address the business needs cloud service providers require to build an appropriate response.

How the checklist helps organizations exercise due diligence

The checklist promotes a thoroughly vetted move to the cloud, provides structured guidance, and a consistent, repeatable approach for choosing a cloud service provider.

 

Cloud adoption is no longer simply a technology decision. Because checklist requirements touch on every aspect of an organization, they serve to convene all key internal decision-makers—the CIO and CISO as well as legal, risk management, procurement, and compliance professionals. This will increase the efficiency of the decision-making process and ground decisions in sound reasoning, thereby reducing the likelihood of unforeseen roadblocks to adoption. In the case of Convergent Computing, a San Francisco-based IT consulting firm, they used the checklist to bring consensus to an otherwise chaotic decision process and reduced the decision cycle from a six-month process down to six weeks.

 

Learn how the Cloud Services Due Diligence Checklist helps protect you.

Download how the checklist helps protect organizations

The checklist provides

Key topics for decision makers

Highlights key discussion topics for decision-makers at the beginning of the cloud adoption process.

Support thorough business discussions

The checklist provides support thorough business discussions about regulations and objectives.

Help identifying potential issues

The checklist helps organizations identify any potential issues that could affect a cloud project.

Consistent questions

Consistent questions for every cloud service provider to simplify comparing different offerings.

Forrester Research study results

Cloud service agreement infographic

Cloud service agreement video

Microsoft commissioned Forrester Consulting to evaluate the current state of cloud agreements against the elements of the ISO/IEC 19086-1 Standard. View results of the study in a short video.

Cloud service agreement report

Why Microsoft created the Cloud Services Due Diligence Checklist

Microsoft developed the Cloud Services Due Diligence Checklist to help organizations exercise due diligence as they consider a move to the cloud. It provides a structure for any size and type of organization—from private businesses to public sector organizations including all levels of government and nonprofits—to identify their own performance, service, data management, and governance objectives and requirements. This assessment allows them to better compare the offerings of different cloud service providers and ultimately form the basis for a cloud service agreement.

 

The checklist provides a framework that aligns clause by clause with a new international standard for cloud service agreements, ISO/IEC 19086. This standard offers a unified set of considerations for organizations to help them make decisions about cloud adoption, as well as create a common ground for comparing cloud service offerings.

 

Microsoft has been an active member of the panel of experts that developed this standard over a three-year period. The checklist distills the standard’s 37 pages into a simpler, two-page document that organizations can use to negotiate a cloud service agreement that meets their business objectives. Because the checklist is grounded in the new standard, it’s service- and provider-neutral, applying to any organization requiring cloud services and any cloud service provider.

View the ISO/IEC 19086-1 standard

Microsoft and ISO/IEC 19086-1:2016 cloud service level agreement framework

Microsoft was one of many organizations that participated in the multiyear development of the ISO/IEC 19086-1 standard. Based on our involvement, we created the Cloud Services Due Diligence Checklist. Organizations can use the checklist to systematically consider requirements for cloud projects and structure cloud-service agreements and SLAs that meet business objectives. Because the checklist is grounded in the new standard, it is service- and provider-neutral and applies to any organization requiring cloud services and any service provider offering them.


|

ISO/IEC 19086-1 is the first of a new four-part international standard that establishes a framework and terminology for cloud service level agreements (SLAs). It offers a unified set of considerations for organizations considering cloud adoption, and common terminology so they can more easily compare cloud services and providers to ultimately establish an SLA.

No. ISO/IEC 19086-1 does not include a certification process. It is a guidance standard that provides a framework to help organizations conduct careful evaluations of cloud services and create cloud SLAs appropriate for their business.

The standard was created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO is an independent non-governmental organization and the world’s largest developer of voluntary international standards; the IEC is the world’s leading organization for the preparation and publication of international standards for electronic, electrical, and related technologies. Over a period of years, a joint ISO/IEC subcommittee created ISO/IEC 19086-1; Microsoft was one of many member organizations that participated.

Organizations should convene stakeholders from across the company to discuss how each checklist item applies to the organization, and specifically to the cloud project. The team can determine minimal requirements, weigh the importance of each item in the list, and assign responsibility for each item. Organizations are then in a better position to ask providers to respond to each of the considerations in the checklist, compare responses, and decide which provider best meets their organizational objectives.


Additional resources

Protection for you

How the Cloud Services Due Diligence Checklist helps protect you.

Watch an instruction guide

Cloud Services Due Diligence Checklist instructions guide.

Cloud Services Due Diligence Checklist