F
FrameReader
Hello,
Our company archives some of its documents with a document storage company. Some of the information contained in these documents has some bearing on the service that we provide. I'm not a lawyer but the language in our contract with the document storage company strikes me as being fairly minimal. They commit to providing 'ordinary care' to our documents, and that's about it.
If our stuff gets lost or destroyed, they'll reimburse us for the cost of the actual hardware (digital storage media), which is nice I guess, but if any of our archived info was ever lost or destroyed, being reimbursed for the cost of some digital media would rank low on our list of concerns.
So anyways, we decided it would be a good idea to pay a visit to the site where they store our stuff. I've heard it said that clause 7.5.2 of the Standard, while called 'Validation of processes for service provision' could also be thought of as basically being a 'do what you reasonably can to control external processes'.
The storage of these documents is certainly an external process. According to part (a) of the clause, we should define criteria for reviewing and approving these processes. So I figure, we'll have a look around their site, maybe see if they have some kind of sprinkler system to control fires, good security measures, security cameras ...
Do the experts in the cove have any ideas regarding what else we might want to look for here?
Thank you,
FrameReader
Our company archives some of its documents with a document storage company. Some of the information contained in these documents has some bearing on the service that we provide. I'm not a lawyer but the language in our contract with the document storage company strikes me as being fairly minimal. They commit to providing 'ordinary care' to our documents, and that's about it.
If our stuff gets lost or destroyed, they'll reimburse us for the cost of the actual hardware (digital storage media), which is nice I guess, but if any of our archived info was ever lost or destroyed, being reimbursed for the cost of some digital media would rank low on our list of concerns.
So anyways, we decided it would be a good idea to pay a visit to the site where they store our stuff. I've heard it said that clause 7.5.2 of the Standard, while called 'Validation of processes for service provision' could also be thought of as basically being a 'do what you reasonably can to control external processes'.
The storage of these documents is certainly an external process. According to part (a) of the clause, we should define criteria for reviewing and approving these processes. So I figure, we'll have a look around their site, maybe see if they have some kind of sprinkler system to control fires, good security measures, security cameras ...
Do the experts in the cove have any ideas regarding what else we might want to look for here?
Thank you,
FrameReader