SURF Framework of Legal Standards for (Cloud) Services(Publicatie)

The SURF Legal Standards Framework for (Cloud) Services describes the standards with regard to confidentiality, privacy, property and availability when concluding contracts with (cloud) suppliers. It includes standard provisions and processing agreement that offer institutions a solid basis for contracts with suppliers.

19 OCT 2016

Content of Legal Framework

An important part of the SURF Legal Standards Framework (Cloud)services is the Processors Agreement. In October 2017, this Agreement was brought into line with the General Data Protection Regulation (GDPR). The SURF Legal Committee advised SURF that this version should be included in the Legal Standards Framework. SURF's Executive Committee took a positive decision on this in November 2017.

New processors agreement 2017

The new Processor Agreement (PDF) contains an overview of the most important changes compared to the Processor Agreement (October 2016 version). There is also a Dutch version (PDF) available.

The Word versions of these documents can be obtained at SCIPR's private wiki.

The Legal Committee plays an important role in the drafting of the Processors' Agreement. More information on the role and composition of the Committee on Legal Affairs can be found in this document (in Dutch)

In addition to the Processors' Agreement, the Appendix B (Instructional Instruction), C (Guidelines Security Measures) and D (Guidelines Audit Obligation) will also be adapted to the new Processors' Agreement. 

Processor agreement 2016

The versions from 2016 can be found here:

The Framework also has the following annexes:

  • A. Processor Agreement (PDF): this is an example for making arrangements with suppliers (as processors). This version was updated in October 2016. You can request the Word version from SCIPR.
  • B. Instructions with the Processor Agreement (PDF): practical instructions and explanation in terms of the provisions and annexes of the Processing Agreement.
  • C. Guidelines for Security Measures (PDF): this document explains the so-called 'suitable security measures' addressed by the Framework and Processing Agreement.
  • D. Guidelines for Audit Obligations (PDF): the Processing Agreement discusses an audit obligation. This is explained further in this document.

More information

Number of times shown:
Number of times downloaded:
Latest modifications 10 Dec 2018