Cloud Computing Contract Best Practices - Key Terms
Best practices are defined by top CIOs
The cloud computing model is gaining popularity, but it includes risks that are often overlooked when assessing the appropriateness of the sourcing model.
When assessing cloud vendors, CIOs need to understand what can be negotiated in contracts The nine key terms to understand in cloud deals to mitigate excessive risk include:
- Business Continuity and Disaster Recovery - Cloud contracts rarely contain any provisions about disaster recovery or provide financially backed recovery time objectives. Include backup and restoration requirements in the contract.
- Security and Compliance- As part of the cloud-sourcing strategy, procurement and security executives should ensure that the provider's security practices are at the same level as, or exceed, their own security practices, especially if the company falls under industry or national privacy-related regulations.
- Liability - Enterprises should try to negotiate for high liability protections. Leverage the fact that providers would have liability insurance to achieve higher caps, and be prepared to walk away if this issue is not resolved.
- Uptime Guarantees - Cloud contract negotiators must be aware of the performance service levels required and ensure that they are documented contractually, ideally with penalties, if the performance standards are not achieved.
- Penalties - If downtime or performance service levels are not met, negotiate penalties and escalation clauses. Rather than credits, money back is preferable, in terms of your negotiating leverage and pressure on the provider, because no vendor likes to have to give money back, once booked.
- Eliminate Penalty Exclusions - Enterprises should look carefully at exclusions to the right to penalties. For example, they should ensure that any downtime calculation starts exactly when the downtime commences.
- Sensitive Data Privacy Conditions - Contracts should unequivocally state that the cloud provider will not share personal data with anybody else and that they will only do what the enterprise says they should do.
- Suspension of Service - Enterprises should negotiate an agreement that payments in any current legitimate dispute should not lead to a suspension of service.
- Termination - Enterprises should negotiate for at least six months’ notice from the provider to terminate, unless they have materially breached the contract.
The Practical Guided for Cloud Outsourcing Template includes -- Sample Cloud Outsourcing Contract along with a Service Level Agreement and other tools to facilitate the cloud outsourcing process. The template includes Janco's exclusive Business and IT Impact Questionnaire.