Cloud Contracts Symphony ConsultingCloud contracts are getting more attention as companies shift from purchasing hardware and software to buying a service from a company that includes this infrastructure.  There can be benefits to this approach including scalability, cost, and leveraging best practices.  The challenge, however, is how you manage a supplier that controls a key piece of your infrastructure (hardware and software) and how you protect your data which now resides outside your four walls.

Cloud contracts can help you create robust solutions to cover three main areas:

  • Continuity and Scalability – You want to make sure that there is sufficient infrastructure, policies, and procedures in place that support reliable delivery of the service under a variety of conditions.  You also want to make sure that you understand the long-term costs as the solution scales and your needs change.  Finally, you want to have an effective exit strategy that enables you to access your data and effectively transition to a new service or an internal solution.
  • Service Level and Remedies – Since you will be counting on the service, you need to have clear understanding on up-time and other service expectations.  When the service is not working, there is an impact on your business and you want to understand what the supplier will do to address any deficiencies and what other remedies you might have if the service does not meet expectations.
  • Data Security – Depending on where you are using cloud solutions, you may be transmitting and storing sensitive data with the service provider.  You will want to make sure there are adequate controls in place and that the location for data storage (e.g. a country with stringent government access such as China or Russia) does not affect your legal rights and remedies should a problem occur.

Symphony Consulting offers the following services regarding cloud contracts:

Solution Cost Modeling

  • Initial implementation
  • Add-on subscription costs
  • Right-sizing as needs change

Contract Negotiations

  • Term and termination
  • Indemnification
  • Liability limits
  • Data protection
  • IP ownership
  • Initial and incremental costs
  • Post-termination obligations

Service Level Agreements

  • Metrics
  • Monitoring
  • Roles and Responsibilities
  • Remedies

Data Security

  • Current controls
  • Change procedures
  • Breach: notification and remedies