Home Computer Science
Table of Contents:
Because software delivered in a cloud environment is provided as service, like any service, the customer should be able to terminate the agreement at any time without penalty and upon reasonable notice (a few days to up to thirty days). Tire vendor may request a minimum commitment period from the customer to recoup the vendor’s “investment” in securing the customer as a customer (i.e., sales expenses and related costs); however, these should be minimal since there is not a significant amount of upfront costs incurred by providers of cloud-based software applications. If the customer agrees to this, the committed term should be no more than a few months or, in some circumstances, up to one year, and the vendor should provide evidence that it has actually incurred the upfront costs to justify such a requirement.
In a cloud computing agreement, the key warranties as to uptime and access are covered by the service levels. Warranties regarding data security, redundancy, and use were previously covered in this chapter. Beyond those critical warranties and service levels, several other warranties are appropriate to include in cloud computing agreements.
Hie vendor should warrant the following:
■ The software will perform in accordance with the vendor’s documentation (and any agreed-upon customer specifications).
■ All services will be provided in a timely, workmanlike manner, in compliance with industry best practices.
■ The vendor will provide adequate training, as needed, to customer on the use of the software.
■ The software will comply with all federal, state, and local laws, rules, and regulations.
■ The customer’s data and information will not be shared with or disclosed in any manner to any third party by vendor without first obtaining the express written consent of customer.
■ The software will not infringe the intellectual property rights of any third party.
■ The software will be free from viruses and other destructive programs.
■ There is no pending litigation involving vendor that may impair or interfere with customer’s right to use the software.
■ The vendor has sufficient authority to enter into the agreement and grant the rights provided in the agreement to customer.
Publicity and Use of the Customer Trademarks
The customer’s reputation and goodwill are substantial and important assets. This reputation and goodwill are often symbolized and recognized through the customer’s name and other trademarks. Accordingly, every cloud computing agreement (and most other IT agreements) should contain a provision relating to any announcements and publicity in connection with the transaction. The vendor should be prohibited from making any media releases or other public announcements relating to the agreement or otherwise using the customer’s name and trademarks without the customer’s prior written consent.
Notification for Security Issues
The cloud computing agreement should require that if a breach of security or confidentiality occurs, and it requires notification to customer’s customers or employees under any privacy law (federal, state, or otherwise), then the customer must have sole control over the timing, content, and method of such notification. The vendor should be prohibited from notifying affected customer’s customer unless specifically instructed by the customer to do so. These agreements commonly also contain a requirement that if the vendor is responsible for the breach (whether partially or fully), then the vendor must reimburse the customer for the customer’s out-of-pocket costs and expenses associated with customer providing the notification—even if the customer was not required by applicable law to provide the notification but did so as a gesture of goodwill toward its affected customers or to preserve its reputation among its customer base.
A provision prohibiting the customer from assigning its rights under the agreement should be avoided. Cloud computing agreements often permit the customer to assign its rights to its affiliates and other entities that may become successor or affiliates due to a reorganization, consolidation, divestiture, or the like. Any concerns the vendor may have from an assignment can be addressed by the requirement that the assignee will accept all of the customers obligations under the agreement. Similarly, the customer should also obtain assurance that any vendor assignee will agree to be bound by all of the terms and conditions of the agreement, including without limitation service level obligations.
Pre-Agreement Vendor Due Diligence
Lastly, consider doing pre-agreement diligence on the vendor. By crafting and using a vendor questionnaire, the customer can, at the outset, get a good idea of the extent to which the vendor can meet the customer’s expectations and business requirements. The customer can then identify where gaps exist so that they can be eliminated or so that the risks associated with the gaps can be reduced through negotiation of the vendor’s requirements. Examples of the items to cover in such a due diligence questionnaire include the vendor’s financial condition, insurance, existing service levels, capacity, physical and digital security, disaster recovery, business continuity, redundancy, and the ability to comply with applicable regulations.
In conclusion, cloud computing agreements, like traditional software license agreements, should be negotiated with the customer’s needs in mind as vendor forms are invariably one-sided. Unlike traditional software licenses, the customer should focus less on configuration of the application and more on its availability and the security of its data.