O'Reilly logo

A Guide to IT Contracting by Michael R. Overly, Matthew A. Karlyn

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

69
6
Cloud Computing Agreements
CHECKLIST
Service Levels
Uptime
Response time
Problem response and resolution
Remedies
Data Security
Protection against security vulnerabilities
Disaster recovery and business continuity requirements
Frequency of data backups
Use of/return of data
Format for return of data
Review of security policies
Physical site visit
SAS 70 audit
Limitations on right to use data
Insurance
Cyber liability policy
Technology errors and omissions
Electronic and computer crime
Unauthorized computer access
Avoid only general liability policy
Indemnication
For breach of condentiality and security requirements
For infringement claims
No limitation on types of IP covered
Consider limitation to US patents
70  •  A Guide to IT Contracting: Checklists, Tools, and Techniques
Limitation of Liability
Application to both parties
Exclusions (from both consequential exclusion and cap on direct
damages)
S Breaches of condentiality
S Claims for which the vendor is insured
S Indemnication obligations
S Infringement of IP rights
S Breach of advertising/publicity restrictions
Overall liability cap as a multiple of fees
License/Access Grant and Fees
Broad permitted use
Avoid limitation to internal business purposes
Application to aliates, subsidiaries, outsourcers, and others
Consider pricing
Term
Free ability to terminate
Consider limited notice period
Consider limited termination fee (if justied by vendor’s upfront
costs)
Warranties
Data security
Redundancy/disaster recovery/business continuity
Performance in accordance with specications
Services provided timely and in compliance with best practices
Provision of training as needed
Compliance with laws (both the soware and personnel)
No sharing of client data
Soware will not infringe
Soware will not contain viruses
No pending/threatened litigation
Sucient authority
Publicity/Use of Trademarks
No media announcement unless agreed
No use of customer marks without permission
Notication for Security Issues
Customer gets sole control over notication
Reimbursement for costs and expenses
Cloud Computing Agreements • 71
Assignment
Ability to assign freely
Assignee assumes responsibilities under the agreement
Pre-Agreement Vendor Due Diligence
Questionnaire to vendors to include questions regarding
S Financial condition
S Insurance
S Existing service levels
S Capacity
S Physical and digital security
S Disaster recovery and business continuity processes
S Redundancy
S Ability to comply with applicable laws
KEY CONSIDERATIONS AND ESSENTIAL TERMS
Cloud computing is the use of the Internet or other telecommunica-
tions links to provide a user with access t to soware or other technology
resources made available at a remote location. Depending on the type of
IT capability being oered as a service in the “cloud,” cloud computing is
known by and commonly encompasses several dierent types of services
such as Soware-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS)
and Platform-as-a-Service (PaaS). Regardless of the terminology used,
cloud computing involves accessing soware and infrastructure remotely,
and frequently includes storing data, oen very sensitive and regulated
data, in the cloud. While cloud computing agreements have some similar-
ity to traditional soware licensing agreements, they have more in com-
mon with hosting or application service provider agreements.
When draing and negotiating cloud computing agreements it is essential
to understand how the soware is used. A good place to start is by compar-
ing the cloud computing model to the classic licensing model for delivery of
soware. In a traditional soware licensing engagement, the vendor installs
the soware in the customer’s environment. e customer has the ability to
have the soware congured to meet its particular business needs and the
customer generally retains control over the data that is stored in and pro-
cessed by the soware and the system. In a cloud computing environment,

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required