The European Securities and Markets Authority (ESMA) on May 10 published final guidelines on outsourcing to cloud service providers (ESMA Guidelines) to help firms and competent authorities identify, address, and monitor the risks and challenges arising from cloud outsourcing arrangements. Subject to a few clarifications, the ESMA Guidelines are broadly consistent with the draft guidelines.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Annual spending worldwide on cloud services is expected to increase by 23% in 2021, according to a recent article in The Wall Street Journal, which cites a forecast by IT research and consulting firm Gartner Inc. Since the beginning of the COVID-19 pandemic, businesses have shifted to cloud-based services to support remote work, but businesses are also using the shift in attitudes toward cloud services to move more complex IT needs to the cloud. The article reasons that the push to use cloud services may also be due to the hybrid workplace model that many businesses are adopting, where workers can work both in the office and from home. This model requires that remote workers have access to critical software and infrastructure.
Last week, we posted on the guidance issued by the US Department of Labor (DOL) for plan sponsors, plan fiduciaries, recordkeepers, and plan participants on cybersecurity best practices. Last week’s post focused on the guidance provided for hiring a service provider. In this week’s post, we will highlight some the DOL’s cybersecurity program best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data.