Monday, October 5, 2015

Addressing Risks in a Cloud-Computing Contract

A little checklist with the common questions that must be addressed when you evaluate a cloud-computing service contract.

1. When the relationship is over, does the contract address transition of the data out of the cloud (either back to customer or to another cloud)? Is there an extra charge for it? This is especially important if the cloud company is using an unusual unique format to store the data.

2. Transparent Privacy Policy and confidentiality provisions are important. The provider stores your important data and the provider must, thus, be bound by at least some confidentiality provisions.

3. Ensuring that adequate efforts are being taken to maintain the security of stored data should be a high priority.  Will the data be encrypted? How will the provider notify the consumer about the security breach?

4. Termination. There must be adequate termination procedures for serious breach by either party and definition of a “serious” breach.

5. Compliance with third party platform terms becomes important if the cloud provider uses third party services to support own service.

6. Ensure the contract has adequate procedures for communicating and escalating problems.

7. Cloud uptime guarantees. Many cloud providers nowadays offer automated monitoring tools. Most contracts exclude liability for damages caused by inadequate uptime. Nevertheless,  a provider can offer service credits that might be useful.