Management of privacy and security in cloud computing: Contractual controls in service agreements

Deniz Tuncalp*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

1 Citation (Scopus)


There are a number of risk domains that are relevant for information privacy and security in cloud-based scenarios and alternative deployment models, which require implementation of a number of controls. However, cloud service providers often take a one-size-fits-all approach and want all their customers to accept the same standardized contract, regardless of their particular information security and legal compliance needs. Taking ISO 27001 Information Security Management standard as a guide, we have employed the Delphi method with a group of cloud computing experts from around the world who are subscribed to the "Cloud Computing" group on LinkedIN to identify the most applicable controls in a generic cloud service provider-customer context. Based on these results, we use a sample of cloud computing customer service agreement as a case study to further discuss related contingencies. As a result, this chapter argues that a more balanced approach is needed in service contracts to ensure the maintenance of necessary service levels and the protection of cloud users.

Original languageEnglish
Title of host publicationDelivery and Adoption of Cloud Computing Services in Contemporary Organizations
PublisherIGI Global
Number of pages26
ISBN (Electronic)9781466682115
ISBN (Print)1466682108, 9781466682108
Publication statusPublished - 31 Mar 2015

Bibliographical note

Publisher Copyright:
© 2015 by IGI Global. All rights reserved.


  • Access control
  • Information leakage
  • Information privacy
  • Information security
  • Post termination assistance
  • Privacy of third parties
  • Service contracts


Dive into the research topics of 'Management of privacy and security in cloud computing: Contractual controls in service agreements'. Together they form a unique fingerprint.

Cite this