Check if the University has negotiated agreements with the cloud service provider
The service providers that have agreements with the University are usually accessed and being regarded as reliable, it'll be easier for you to remain secure when using the cloud service. If they do have agreements with the University, check the legal requirements so that you remain responsible.
Assess the cloud service provider
Before using a specific cloud service, it's better to know the basic terms and conditions of the service, so that you can check if the service is compliant, and will remain compliant. It's also necessary to assess the risks of using this cloud service, including the usability, continuity and availability of the service, which can all influence the data you put in the cloud.
Getting assurance or help with procurement
If you are procuring a new solution that is currently not supported by the University, you should complete a Data Privacy Impact Assessment.
Data protection impact assessments (DPIAs)
Once complete, you can contact Information Security if you need assistance appraising the security controls your supplier has in place.
Personal data
If the data contains personal data, you must check that the data will be controlled and processed in accordance with the Data Protection Act and complete a Data Privacy Impact Assessment where this is a new use of data or a new service.
Access Controls
Make sure you understand how both yourself and anbody else who needs to will access the data.
Understand where your data is being stored
Some cloud service providers store data all over the world. Check the storage areas (UK, Europe, USA etc) of the data you stored.
Encrypt your data
Check that any cloud service provider handling data on your behalf will encrypt it, both at rest and in transit.