Know the key legal and security risks in a cloud-computing contract

Make sure you know how to get your data back when the contract ends

By , Computerworld |  Cloud Computing

Because you're giving over control of corporate data to a vendor, it's important to define basic communications processes. Ensure there's some well-defined process around notifying you when a vendor makes changes to their infrastructure that may effect your data. And request that there be periodic, structured meetings scheduled with the vendor between executive-level employees so that you can head off any surprises.

Also, make sure there is a formal dispute escalation or resolution process where you and your vendor can talk about problems before you have to "resort to a legal resolution," Petersen said. A lack of specifics really benefits the vendor in those cases, he added.

"Look for phrases like, 'the vendor shall provide the services in a timely, professional manner in accordance with industry standards,'" Petersen said.

Problem response and resolution should also be hammered out in the contract, ensuring there's some commitment to respond to a problem in a specified period of time; it need only be an affirmation that they know about a problem and are working on it.

Problem resolutions can be more difficult as every issue may take more or less time to resolve, but again, it's important that they agree to keep you updated on what's being done.

Being able to monitor service levels and application uptime is also key to understanding service provider performance.

Some vendors offer automated monitoring and reports for their customers rather than reports on request. And if your site goes down due to a SaaS outage, make sure you know how the vendor will reimburse you for any loss of business. That reimbursement often comes in the form of credits that can be used toward the cost of the contract. But don't expect credits to cover your entire loss due to site downtime.

"You'll almost always see a cap on direct damages ... as well as the exclusion of indirect damages," Petersen said.

More importantly, if there's an ongoing issue, ensure there's clear contract language in that allows your company to bail out of a deal and reclaim data. Typically, there will be some early termination fee associated with leaving a contract early; companies should know what it is.

"You need termination rights for chronic or recurring failures," Petersen said. "The real remedy is to be able to bail out of the deal and find another service provider."


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question