| NODIS Library | Organization and Administration(1000s) | Search |

NASA Ball NASA
Procedural
Requirements 		NPR 1441.1E
Effective Date: January 29, 2015
Expiration Date: May 23, 2026
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES
Printable Format (PDF)

Subject: NASA Records Management Program Requirements (Updated w/Change 3)

Responsible Office: Office of the Chief Information Officer


| TOC | ChangeLog | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | ALL |

Appendix G. Cloud Services Records Management Checklist

1. Have all of the key stakeholders (IT, Records Management, Department or Agency Management) met to discuss all relevant requirements before entering into a contract or SLA with a provider?
2. Has your cloud service provider met your regulatory requirements?
3. Have you assessed your provider's viability?
4. Does the provider guarantee record integrity, authenticity, and reliability?
5. Do we know who all the participants in the supply chain are (subcontractor layers in cloud-based services) so that we can engage in our (legally mandated) contracts with every party that touches this information?
6. What will happen to our data at the end of the contracting period?
7. Can we move some or all of our data from one provider to another (vendor lock-in, the use of proprietary software)?
8. Does the provider have the technical capability to capture, manage, retain, make available to authorized users, and apply retention schedules to the records or transfer permanent records to NARA?
9. Does the provider have sufficient audit management capabilities?
10. Has the contract or SLA specified ownership of records and data?
11. Does the provider have the technical capabilities to respond to access related issues?
  • access controls/permissions
  • record disposition/destruction actions
  • (If not, can they offer an acceptable proxy for disposition/destruction?)
  • security/privacy breaches
  • legal holds
  • e-Discovery
12. How are our data and records segregated from other tenants of this provider?


| TOC | ChangeLog | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | ALL |
 
| NODIS Library | Organization and Administration(1000s) | Search |

DISTRIBUTION:
NODIS

This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.