A Checklist outlining key data privacy and cybersecurity issues to consider when engaging a third-party cloud services provider (CSP). This Checklist acknowledges organizations' needs to balance their operational goals with reasonable risk mitigation strategies by considering organization type and risk profile, the nature of the data entrusted to the CSP, information security practices, audit rights, and potential geographic issues.