In the past, organizations would buy IT equipment (hardware or software) and manage it themselves. Today many organizations prefer to use cloud computing and outsourced IT services. The work of an organisation's IT officer has changed as a consequence: Instead of setting up hardware or installing software, IT officers now have to manage IT service contracts with vendors (cloud, datacentre, infrastructure, etc..). This survey gives a snapshot of how the IT officers in the European public sector are currently managing the security aspects of these service contracts. The survey produced full responses from 117 IT officers, from 15 different EU countries and all layers of government, who are either involved in procuring cloud or IT services or responsible for managing the SLAs.