SURF Legal Framework of Standards (Cloud) Services

Do you want to enter into a contract with (cloud) suppliers? In the SURF Legal Framework of Standards for (Cloud) Services you will find the rules for confidentiality, privacy, ownership and availability. It contains standard provisions and a model processing agreement that give institutions a solid basis for contracts with suppliers.

Stoplicht op groen

Legal Framework of Standards

If, as an institution, you want to establish a good legal basis for making agreements with (cloud) providers, you can use the SURF Legal Framework of Standards for (Cloud) Services (pdf, version September 2018).

Appendices to the Framework of Standards

The Standards Framework also contains a number of important annexes to help you use the Standards Framework properly.

Document Description
SURF processor agreement 3.0 (pdf, version April 2019) You can use this template to draft your own processor agreements. The Legal Committee plays an important role in drafting the processor agreement. Also available in English (pdf).

Incidentally, you can still use the old version of the processor agreement; please contact SCIPR for this.
Amendment document (pdf) Overview of changes compared to the previous version of the SURF processing agreement. Also available in English (pdf)
Instruction (pdf) Practical instruction and explanation of the provisions and annexes of the Model Processing Agreement.
Security measures guide ( pdf) Explanation of the so-called 'appropriate security measures', which are addressed in the Standards Framework and the Model Processor Agreement.
Audit obligation guide (pdf) Explanation of the audit obligation discussed in the Model Processor Agreement.

Members of SCIPR can request Word versions of these documents via SCIPR's private wiki.

Other useful documents

In addition to the Standards Framework and its annexes, these documents are available:

Document Description
Model Joint Responsibility Agreement (pdf) Model for parties within a partnership, where the various parties act as joint controllers within the meaning of the GDPR.
Comparison Framework ibp - Processor agreement (pdf) Comparison between 'Generic model Processor Agreement 3.0 Framework ibp in mbo' and the SURF Processor Agreement.
Comparison between SURFLegal Standards Framework - Data Pro Code (pdf) Comparison between the SURF Legal Framework for (Cloud) Services and the Data Pro Code of NLdigital

More information