The ubiquity of cloud computing platforms as a tool for companies to share, store and back up critical and sensitive data has catapulted the implementation of a comprehensive third-party cloud service provider program to the top of compliance officers’ ever growing to-do lists. During a recent seminar held by the Society of Corporate Compliance & Ethics, Web Hull, a privacy, data protection and compliance advisor provided a practical framework for engaging, managing, auditing and monitoring third-party cloud computing providers. This article summarizes those insights, including key risks, and compiles the resources compliance officers can use to meet the relevant state and federal cybersecurity regulatory requirements. See also “Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two)” (Aug. 26, 2015); Part Two” (Sep. 16, 2015); and “The Advantages of Sending Data Up to the Cloud” (Jun. 17, 2015).