All intakes
INTK-2026-0040ProcurementCriticalRestricted
Cloud backup for production database
Off-site backup of our PostgreSQL clusters with point-in-time restore.
- Submitted
- SME review
- Procurement3
- Due diligence4
- Assessment5
- Contracting6
- Approved7
Overview
Business owner
Sara Lopezsara.lopez@company.com
SME reviewer
Priya Patelpriya.patel@company.com
Specialist reviews
Privacy·Approved w/ conditions
Security·Approved
Architecture·Approved
Procurement
Mike Johanssonmike.j@company.com
Vendor
Not assigned
Users
4
Annual cost
€36,000
Submitted
9 days ago
Updated
2 days ago
Expected go-live
—
General
- Nature of the service
- Cloud infrastructure / managed backup
- Proposed vendor (if known)
- —
- Estimated contracted value (€)
- 36,000
- Entity signatory
- Acme Group SA
- Beneficiary department
- Infrastructure
- Contract type
- New service
- Does the service support a critical or important business function?
- Yes
- If yes, which critical / important function?
- Customer transaction processing
- Is the service defined as a material process in the BIA? Select the RTO.
- RTO < 4 hours
Outsourcing
- Is it an outsourcing activity?
- Yes
- Is the supplier critical or important (per DORA / EBA logic)?
- Yes
- Will the supplier subcontract (4th parties)?
- No
- Is there a concentration risk (sole provider)?
- No
- Is an exit strategy available?
- Yes
Data privacy & AI
- Will the supplier have access to personal data in the delivery of the service?
- Yes
- Estimated volume of personal data processed per annum
- 1,000,000
- Estimated volume of sensitive personal data processed per annum
- 50,000
- Will data be transferred outside the EU / EEA?
- No
- Will the vendor act as:
- Processor
- Is a DPIA required?
- Yes
- Will the service use AI?
- No
Information security
- Maximum classification of information handled by the supplier
- Secret / restricted
- Will the vendor have privileged access to company systems and/or networks?
- Yes
- Will the vendor have access to the company's restricted zones / premises?
- No access
- Highest confidentiality impact in case of a major data leakage at the vendor
- High
- Highest integrity impact in case of major corruption at the vendor
- Critical
- Highest availability impact in case of major disruption at the vendor
- Critical
- Will the vendor host data?
- Yes
- Will the vendor access systems remotely?
- Yes
- Will the vendor connect via API / integration?
- Yes
- Authentication model: SSO / MFA required?
- Yes
- Any cyber certification (ISO 27001, SOC 2, etc.)?
- Yes