Knowledge Article - University of Leeds IT

Suppliers of Software-as-a-Service cloud solutions - to the University of Leeds - are required to self-certify against Cloud Minimum Standards (attached). This forms part of the New Service Assessment process to inform purchasing decisions including contract renewals. A satisfactory Data Processing Agreement will also be required to accompany the Cloud Minimum Standards.

These Cloud Minimum Standards seek to provide base-level assurances to the University for the qualification of stand-alone Service-as-a-Service solutions. This may give rise to the further need for a Standard Non-Functional Requirements assessment (see KB0015419). Examples of where the use of Cloud Minimum Standards will not suffice are where the solution includes:

Systems integration (beyond Single Sign-On)
Critical services (e.g. >99.9% service availability)
Non-trivial Data Protection Agreement (e.g. highly confidential)
Special compliance or regulatory requirements (e.g. PCI-DSS or NHS DSPT or ISO27001)

The Cloud Minimum Standards has been approved by the Design Authority at the University of Leeds (28th April 2021) and to be reviewed yearly, or sooner when appropriate.

The New Service Assessment process is managed by the Business Relationship Management team in IT Services (see KB0012310).