Desktop version

Home arrow Computer Science

  • Increase font
  • Decrease font


<<   CONTENTS   >>

Cloud Computing Agreements

Checklist

Service Levels

□ Uptime

□ Response time

□ Problem response and resolution

□ Remedies

Data Security

□ Protection against security vulnerabilities

□ Disaster recovery and business continuity requirements

□ Frequency of data backups

□ Use of/return of data

□ Format for return of data

□ Review of security policies

□ Physical site visit

□ SSAE 18

□ Limitations on right to use data

Insurance

□ Cyber liability policy

□ Technology errors and omissions

□ Electronic and computer crime

□ Unauthorized computer access

□ Avoid only general liability policy

Indemnification

□ For breach of confidentiality and security requirements

□ For infringement claims

□ No limitation on types of IP covered

□ Consider limitation to US patents

Limitation of Liability

□ Application to both parties

□ Exclusions (from both consequential exclusion and cap on direct damages)

  • - Breaches of confidentiality
  • - Claims for which the vendor is insured
  • - Indemnification obligations
  • - Infringement of IP rights
  • - Breach of advertising/publicity restrictions

□ Overall liability cap as a multiple of fees

License/Access Grant and Fees

□ Broad permitted use

□ Avoid limitation to internal business purposes

□ Application to affiliates, subsidiaries, outsourcers, and others

□ Consider pricing

Term

□ Free ability to terminate

□ Consider limited notice period

□ Consider limited termination fee (if justified by vendor’s upfront costs)

Warranties

□ Data security

□ Redundancy/disaster recovery/business continuity

□ Performance in accordance with specifications

□ Services provided timely and in compliance with best practices

□ Provision of training as needed

□ Compliance with laws (both the software and personnel)

□ No sharing of client data

□ Software will not infringe

□ Software will not contain viruses

□ No pending/threatened litigation

□ Sufficient authority

Publicity/Use of Trademarks

□ No media announcement unless agreed

□ No use of customer marks without permission

Notification for Security Issues

□ Customer gets sole control over notification

□ Reimbursement for costs and expenses

Assignment

□ Ability to assign freely

□ Assignee assumes responsibilities under the agreement

Pre-Agreement Vendor Due Diligence

□ Questionnaire to vendors to include questions regarding

  • - Financial condition
  • - Insurance
  • - Existing service levels
  • - Capacity
  • - Physical and digital security
  • - Disaster recovery and business continuity processes
  • - Redundancy
  • - Ability to comply with applicable laws

Key Considerations and Essential Terms

Cloud computing is the use of the Internet or other telecommunications links to provide a user with access to software or other technology resources made available at a remote location. Depending on the type of information technology (IT) capability being offered as a service in the “cloud,” cloud computing is known by and commonly encompasses several different types of services such as Software as a Service (SaaS), Infrastructure as a Service (laaS), and Platform as a Service (PaaS). Regardless of the terminology used, cloud computing involves accessing software and infrastructure remotely and frequently includes storing data, often very sensitive and regulated data, in the cloud. While cloud computing agreements have some similarity to traditional software licensing agreements, they have more in common with hosting or application service provider agreements.

When drafting and negotiating cloud computing agreements, it is essential to understand how the application or platform will be used. A good place to start is by comparing the cloud computing model to the classic licensing model for delivery of software. In a traditional software licensing engagement, the vendor installs the software in the customer’s environment. The customer has the ability to have the software configured to meet its particular business needs, and the customer generally retains control over the data that is stored in and processed by the software and the system. In a cloud computing environment, the software and the customers data are hosted by the vendor, typically in a shared environment (i.e., many customers share the same server to access the software, and, therefore, the customers data is stored by and processed on the same server as other customer’s data) and the software configuration is much more homogeneous across all of the vendor’s customers (i.e., cloud applications are frequently not customizable or have a limited about of customization available). Accordingly, the customer’s top priorities shift from configuration, implementation, and acceptance in the traditional software licensing model to service levels (availability, responsiveness, and remedies) and data (security, redundancy, and use) in the cloud model. It is this reason that traditional software license agreements are not the best framework for cloud computing agreements. However, like a traditional software licensing agreement, a cloud computing agreement will include common provisions such as insurance, indemnity, limitations of liability and warranties, all of which remain important in cloud transactions. When drafting cloud agreements and working through cloud transactions, it is important to note that vendors often refer to “software” whenever discussing the cloud offering, though a particular offering may include services, infrastructure or software, or a mixture of all those. For simplicity, this chapter refers to “software” in the same context.

 
<<   CONTENTS   >>

Related topics