Cloud Service Agreements

One area of law that has a significant impact on cloud service contracts is data protection. Typically, the cloud service provider (CSP) is a “data processor” with respect to customer data stored in and processed by the service, while the customer is a “data controller.” Almost all cloud computing contracts include a limitation of liability clause that is heavily weighted in favor of the CSP. Customers accept these clauses for more immediate benefits such as cost savings and scalability. Most such clauses limit the CSP's liability to the amount it receives from the customer. To avoid the risk of unauthorized access or a data breach, the CSP must return or destroy the customer's data after the termination or expiration of the contract. Most cloud service providers try to keep anonymized and aggregated data to improve their services. Customer privacy policies and on-premises privacy policies may impose additional, often one-time, burdens on inclusion in cloud agreements. Cloud service level agreements (SLAs) can be more detailed to cover governance, security specifications, compliance, and performance and availability statistics. You should review security and encryption practices related to data protection, disaster recovery expectations, data location, and data access and portability. The General Terms and Conditions of Sale (GTC) describe the essential legal provisions that apply to the chosen cloud service, including rights of use, customer data, guarantees, confidentiality and limitations of liability. Carol Sliwa, senior editor of TechTarget, interviews Terri McClure, a former senior analyst at Enterprise Strategy Group, about what users can expect from a cloud SLA. The SLA is therefore part of the broader cloud service agreement (CSA). SLAs are specific to acceptable service levels and service delivery thresholds, such as performance, availability, and maintainability, including the ability of enterprise technical support to configure its tools, fix bugs, and provide maintenance.

The SLA provides for financial penalties in the event of non-compliance with the thresholds. Most cloud computing contracts include a clause requiring the CSP to teach the customer how to use the technology. The SLA should also define compensation for users if the specifications are not met. A cloud storage service provider typically offers a tiered service credit plan that grants users credits based on the gap between the SLA specifications and the service levels actually provided. Accuracy of data. Data integrity. Recovery. The cloud provider's data policies contained in the CSA are the most important parts of the contract for the company's stakeholders. Review these points with a fine-tooth comb to make sure they meet and protect your needs as a customer. Some agreements address independent auditing requirements based on standards such as those of the American Institute of Certified Public Accountants (AICPA). In addition to regularly creating cloud contracts for our customers, we provide a number of professional software-as-a-service templates.

Almost all cloud agreements will impose common insurance obligations on CSPs. Increasingly, customers are demanding special insurance coverage for data breaches, network attacks, denial of service, website degradation, online extortion, and IP claims. Agreements define customer termination rights, typically for events that directly affect subsequent performance. These include, for example, mergers or acquisitions of the CSP or financial difficulties (e.g. bankruptcy). The customer's termination clauses must also address the transfer of the CSP's contractual obligations to migrate data and minimize disruption. A cloud service agreement defines the legal basis on which a customer accesses these services and uses them for cloud-based services. If the server and software are hosted for a specific client, the CSP may need to provide maintenance services (i.e. repair the technology). In most cases, this means that the CSP will make reasonable efforts to keep the technology running. Maintenance clauses are more likely to occur in IaaS and PaaS contracts.

Most cloud SLAs only offer service credits for future services and do not provide refunds. Credits from a tricky supplier for future billing aren't beneficial to you, so limit your exposure as they pile up. Try to hedge your bets in the relationship and negotiate refunds in your contract. One of the most important concerns with a cloud computing arrangement is the performance of cloud services and whether they meet the customer's requirements in terms of reliability and quality. The defined level of service must be specific and measurable in each area. This makes it possible to compare the quality of service (QoS) and, if specified in the contract, to reward or punish accordingly. A cloud infrastructure can include both physical and virtual regions, networks, and systems. While the exact metrics of a cloud SLA may vary from service provider to service provider, the areas covered are consistent: volume and quality of work, including precision and accuracy, speed, responsiveness, and efficiency. The document aims to establish a mutual understanding of the services provided by the service provider, priority areas, responsibilities, and guarantees.

Acceptable use policies (AUPs) describe the acceptable and prohibited use of the Service, Platform or Infrastructure. Since they are primarily concerned with illegal use, AUPs usually generate the least concern – but make no assumptions. For example, if your business sends a lot of newsletters online, an AUP that bans mass emails should clarify how the provider defines mass emails. In addition to the usual termination rights, the Customer may wish to negotiate “intervention rights” that would allow it to take over the Services during the Force Majeure Period (or to have a new CSP take over the Services, with the CSP paying the difference in fees between the actual cost to the Customer and the fees negotiated in the original Cloud Service Agreement). More and more legal departments are migrating to the cloud. Previously, we discussed the basics of cloud computing, from different categories of services to data management. Before you implement a new cloud service, learn about the following terms listed in these technology-intensive agreements. Some large cloud-based providers may be willing to work with you on custom additions such as drybar. “Determine who is responsible for breaches such as cross-tenant breaches where malicious actors enter the root operating system,” Linthicum suggests. He thinks the cloud provider should be responsible. Large companies must use the Tonnage Act to negotiate multi-year contracts with large suppliers, which poses a higher risk to the supplier.

As cloud services mature, the terminology has changed. Let's start by setting our conditions correctly. So who is responsible at each point? Woodward states: “Typically, the cloud service provider provides management services within or below the Service Responsibility Line (SRL) [see diagram] as part of the standard cloud service offering. The customer is usually responsible for the items above the SRL.” Woodward notes that transfers, overlaps, and gaps between systems and service providers are defined by governance and service levels for the hybrid IT cloud environment. Most public cloud storage services provide details about the service levels that users can expect on their websites, and these will likely be the same for all users. However, a company that sets up a service with a private cloud storage provider may be able to negotiate a more individual agreement. In this case, the cloud SLA can include specifications for retention policies, number of copies retained, locations, and so on. Alyson Behr is a technical writer, editor-in-chief and strategic content consultant. With deep roots in testing, industry competitive analysis, and product reviews, Alyson has written for numerous technology publications including PC Magazine, Computerworld, eWeek, InfoWorld, InternetWeek, SD Times, and InformationWeek….