Usage of cloud storage and services must comply with CSU Information Security Policy and Standards, including Section V.C.8 – Cloud Storage and Services. Cloud computing services are application and infrastructure resources that users access via the Internet. A completed Security Data Requirements Checklist, Vendor Security Plan (refer to Section 8.a. – Acquisition), and a plan to be compliant with the standard. The documentation must be reviewed and approved by the SDSU Information Security Officer or an approved delegate via the SDSU Technology Acquisition Review Process (TARP). Refer to the TARP Vendor Risk Assessment resource page for detailed information on the process and how to get started.

*Note: Documents in Potable Document format (PDF) require Adobe Acrobat Reader 9.0 or higher to view. Download Adobe Acrobat Reader