Interoperability and Portability

A key component of the Information Security Program are interoperability and portability.

IPY Control Domains

IPY-01: APIs -

  • IPY-01.1: Do you publish a list of all APIs available in the service and indicate which are standard and which are customized?


Policy to be referenced here is INSERT
*Action item: INSERT

IPY-02: Data Request -

  • IPY-02.1: Is unstructured customer data available on request in an industry-standard format (e.g., .doc, .xls, or .pdf)?


Policy to be referenced here is INSERT
*Action item: INSERT

IPY-03: Policy & Legal -

  • IPY-03.1: Do you provide policies and procedures (i.e. service level agreements) governing the use of APIs for interoperability between your service and third-party applications?


Policy to be referenced here is INSERT
*Action item: INSERT

  • IPY-03.2: If using virtual infrastructure, do you allow virtual machine images to be downloaded and ported to a new cloud provider?


Policy to be referenced here is INSERT
*Action item: INSERT

  • IPY-03.3: Do you provide policies and procedures (i.e. service level agreements) governing the migration of application data to and from your service?


Policy to be referenced here is INSERT
*Action item: INSERT

IPY-04: Standardized Network Protocols -

  • IPY-04.1: Is data import, data export, and service management be conducted over secure (e.g., non-clear text and authenticated), industry accepted standardized network protocols?


Policy to be referenced here is INSERT
*Action item: INSERT

  • IPY-04.2: Do you provide consumers (tenants) with documentation detailing the relevant interoperability and portability network protocol standards that are involved?


Policy to be referenced here is INSERT
*Action item: INSERT

IPY-05: Virtualization -

  • IPY-05.1: Do you use an industry-recognized virtualization platform and standard virtualization formats (e.g., OVF) to help ensure interoperability?


Policy to be referenced here is INSERT
*Action item: INSERT

  • IPY-05.2: If using virtual infrastructure, are machine images made available to the customer in a way that would allow the customer to replicate those images in their own off-site storage location?


Policy to be referenced here is INSERT
*Action item: INSERT

  • IPY-05.3: Do you have documented custom changes made to any hypervisor in use, and all solution-specific virtualization hooks available for customer review?


Policy to be referenced here is INSERT
*Action item: INSERT

Related Documents

  • None