Cloud PII Processor Policy

The Cloud PII Processor Policy defines mandatory privacy requirements for cloud services where the organization acts as a PII processor or subprocessor. Its scope includes SaaS, PaaS, IaaS, hosted applications, managed cloud, cloud support, cloud storage, cloud analytics and cloud infrastructure services that process PII on behalf of customers. The policy is designed to keep cloud processing aligned to documented customer agreements, customer instructions, upstream processor instructions, subprocessor arrangements, cloud-region configuration, cloud support access, service administration, backup, replication, logging, monitoring, deletion, return, breach support, audit support and customer assistance obligations. A central purpose of the policy is evidence-driven control. Before customer onboarding or material service change, the Privacy Lead / PIMS Manager must record each cloud PII processing service, processing role, customer instruction source, PII categories, PII principal categories, service purpose, processing location, subprocessor dependency, deletion dependency and transfer flag in REG02 and REG08. The policy also requires cloud processor control applicability to be recorded in REG03, transfer and location routing to be captured in REG09 where relevant, cloud PII incidents to be managed through REG10, and monitoring, exceptions, disputes, validation results and corrective actions to be handled through REG12. This keeps cloud processor obligations integrated with the existing PIMS policy set and avoids creating separate registers for contracts, services, tenant isolation, access, logs, deletion, support, audits, breaches or subprocessors. The policy sets practical requirements across the cloud service lifecycle. It requires documented customer or upstream processor instructions before processing begins, review of instructions that appear inconsistent with obligations or approved service scope, and approval before any customer PII is processed outside documented instructions. It also addresses cloud configuration and security evidence by requiring shared-responsibility boundaries, tenant isolation validation, controlled administrative access, quarterly review of privileged access and logging coverage, separation of environments, and recorded backup, replication, log storage and support-access locations. These requirements are deliberately linked to existing PII security controls rather than replacing the broader PII Security and Access Control Policy. Subprocessor and cloud supply-chain governance are treated as core processor obligations. The Vendor / Procurement Owner must record cloud subprocessors, infrastructure providers, hosting providers, managed service providers, support providers and other material cloud service dependencies before use. The policy requires evidence of customer authorization or documented authorization basis, flow-down obligations for privacy, security, assistance, incidents, return, deletion, audit support and transfers, and records of service locations, remote support locations, hosting regions and onward transfer routing. It also requires customer notification of intended cloud subprocessor changes within the contractually required notice period and at least annual review of active cloud subprocessor and cloud dependency records. The policy also covers customer assistance, audit support, breach interface, deletion and exit. Customer assistance obligations for rights requests, deletion, correction, restriction, access, audit, DPIA support and breach support must be recorded before contract execution or service activation. Customer-requested rights support must be completed within the customer-agreed timeframe, privacy-significant DPIA or assessment assistance requests must be reviewed within ten business days, and overdue or disputed assistance requests must be tracked. For exit, the policy requires evidence of export, return, transfer or deletion capability before onboarding or material service change, completion within customer-agreed timeframes, inclusion of live systems, backups, replicas, logs, temporary files, staging environments and support copies, and nonconformity handling when obligations cannot be completed on time. Governance is reinforced through quarterly evidence completeness reviews, annual policy and subprocessor reviews, audit sampling, metrics, enforcement actions and Top Management approval for material exceptions and revisions.