SURF Legal Framework of Standards (Cloud) Services
Do you want to enter into a contract with (cloud) suppliers? In the SURF Legal Framework of Standards for (Cloud) Services you will find the rules for confidentiality, privacy, ownership and availability. It contains standard provisions and a model processing agreement that give institutions a solid basis for contracts with suppliers.
Legal Framework of Standards
If, as an institution, you want to establish a sound legal basis for making agreements with (cloud) providers, you can use SURF's Legal Framework of Standards for (Cloud) Services (pdf, version September 2018).
Appendices to the Framework of Standards
The Standards Framework also contains a number of important annexes to help you use the Standards Framework properly.
| Document | Description |
|---|---|
| SURF processor agreement 4.0 (pdf, version November 2024) | The SURF Model Processor Agreement 4.0 helps you easily comply with the AVG, for example when entering into contracts with suppliers that use personal data. The new version focuses, among other things, on security and transfer of personal data, is more flexible in use and is specifically tailored to the education and research sector. You can read more on the Privacy Expertise Centre site. |
| Security measures guide ( pdf) | Explanation of the so-called 'appropriate security measures', which are addressed in the Standards Framework and the Model Processor Agreement. |
| Audit obligation guide ( pdf) | Explanation of the audit obligation discussed in the Model Processor Agreement. |
Members of SCIPR can request Word versions of these documents via SCIPR's private wiki.
Other useful documents
In addition to the Standards Framework and its annexes, these documents are available:
| Document | Description |
|---|---|
| Model Joint Responsibility Agreement (pdf) | Model for parties within a partnership, where the different parties act as joint controllers within the meaning of the AVG. |
| Comparison Framework ibp - Processor agreement (pdf) | Comparison between 'Generic model Processor Agreement 3.0 Framework ibp in mbo' and the SURF Processor Agreement. |
| Comparison between SURF Legal Standards Framework - Data Pro Code (pdf) | Comparison between the SURF Legal Framework for (Cloud) Services and the Data Pro Code of NLdigital |
More information
- Wiki 'Principles of the AVG'.
- View the 25 most common personal data processing operations with BIV classification (pdf).
- Acceptable Use Policy for employees (pdf) and for students (pdf).