How to Perform Cloud Computing Due Diligence

Cloud computing makes sense for nonprofits on a variety of levels. While some have dipped a toe in the cloud computing waters with non-critical applications such as online publishing or project management, many nonprofits have not tapped the cloud’s full potential.

To be sure, migrating critical applications such as accounting and financial management to the cloud can feel like a technological leap of faith. But with the proper due diligence, there’s no reason your organization can’t benefit from the increased productivity, security and cost savings of remotely hosted data.

TechSoup, a 501(c)(3) nonprofit that helps other nonprofits make informed decisions about technology, offers some sound guidance for evaluating cloud providers, including these key steps:

Verify performance.

A reliable provider will offer real-time information on its performance levels. Look for guaranteed performance of 99.8 percent or better. Ditto for rapid response to issues.

Verify backup.

Best are continuous local backups plus streaming backups to a remote disaster recovery center.

Verify compliance.

Review a cloud provider’s audit or certification of security, backups and maintenance practices — commonly referred to as a SSAE 16 “SOC 1” Type II audit. If you need to be HIPAA or PCI DSS compliant (you handle credit card information for processing donations or payments), make sure that your service provider is properly certified.

Verify ownership.

Make sure that you still own your information and can get your data back out of the cloud when you need it.

Transition incrementally.

Focus on your processes and workflows, then try a cloud tool that can help address a currently ineffective or challenging process. Select the tools that will help you do your work better.

Plan for divorce.

Pay close attention to the terms of your agreements with cloud providers. This is especially true when it comes to termination clauses and the process by which the data will be returned to or retrieved by your business upon termination of the contract.