SlideShare a Scribd company logo

Cloud computing contract checklist modified -- Procurement

•
•
David Sweigert
David Sweigert

Uploaded as a courtesy by: Dave Sweigert CISA, HCISPP, SEC+

Technology
1 of 8
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 1 09/03/14 The following checklist contains key points, which must be considered when soliciting Cloud Computing Software as a Service (SaaS) pursuant to TechnologyLetter 14-04 and the Cloud Computing Special Provisions SaaS (SP). When decisions regarding these key points have been fully developed, the statement of work (SOW) can then be drafted. The SOW may modify Sections 2, 3, 6, 8 (subsections), 9, 10 and 11 of the Special Provisions. These modifications are referred to as carve outs. Definition of terms is located at the conclusion of this checklist. A. Data 1. Classification and Categorization Classification and Categorization of the department’s Data are the critical first steps. The sensitivity of the Data helps to determine the parameters and targets for the Service Level Agreement(s) (SLAs), security, encryption, etc. Data may be separated into different levels (tiers) based on law/sensitivity/confidentiality. You must comply with SAM 5305.5 and review this link: Classification and Categorization. 2. Basics Determine: a. The format in which the State Data is to be provided to the Contactor. b. The State’s rights to any Contractor application programming interfaces required in order to access Data. c. What are the State’s rights to test Data access processes? d. Roles and responsibilities for State and Contractor for installation and configuration. e. Rights to and ownership of Data per Special Provisions #7-Rights to Data. 3. Data Breach The Special Provisions include a carve out for #9-Data Breach. This allows for modification of the Special Provisions if you have a business requirement. Determine: a. Whether to treat breaches differently depending upon the Data that will be stored (public or sensitive Data, HIPAA, Personally identifiable information, Payment Card Industry, etc.). b. What (circumstances, type of Data, etc.) should be included in the breach notifications in addition to those listed in Section 9a in the Cloud Computing Special Provisions SaaS. c. Contractor compliance, where applicable, with Social Security Administration Document Electronic Information Exchange Security Requirement and Procedures for State and Local Agencies Exchanging Electronic Information with the Social Security Administration, security provisions in IRS Publication 1075, HIPAA, Health Information Technology for Economic and Clinical Health Act, Criminal Justice Information Services Security Policy or FedRamp (federal funds involved). 4. Locations The department should identify: a. The location(s) of the Contractor Data center(s) where State Data will be processed or stored. The Special Provisions include a carve out for #6-Data Location. Will Contactor data center locations be within the parameters of your department’s Disaster Recovery Plan? The Special Provisions allow for a carve out for #10- Disaster Recovery/Business Continuity.
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 2 09/03/14 b. Ensure that the physical location of the data center where the Data is stored is within the continental United States, and remote access to Data from outside the continental United States is prohibited unless approved in advance by the State Chief Information Security Officer. c. The location of the Contractor’s headquarters. d. The distance of Contractor data center(s) from closest main internet network hub (may affect performance). e. The Contractor’s obligation to notify the State of any location changes to Contractor’s data center(s) (that will process or store State Data), or Contractor’s headquarters. f. Locations of State facilities where users are located (unless location is confidential). g. What geographical limitations, if any, there will be for Data in transit. 5. Information Security Determine responsibilities and obligations related to security of State information: a. Level of Security will be driven by the department’s categorization of Data; b. The State must determine when Data must be encrypted. Data can be encrypted: 1. In use 2. In transit 3. At rest 4. Combinations of 1, 2 or 3 5. All of the above (cost consideration). c. Department must determine who will have access to the encryption key; and any encryption standards the Contractor must follow. d. Contractor’s obligations to encrypt State Data, including level of encryption (128 bit, 256 bit, etc.). See SAM 5350.1 and SIMM 5305-A. e. Identity and Access Management mechanisms, as provided by the Contactor, including alignment with State Identity and Access Management systems, etc. B. Writing the SOW. Having made some decisions regarding your Data, the balance of this checklist will help you to write the SOW for your SaaS solicitation. Use the Cloud Computing Services Special Provisions SaaS and this guidance document for writing an SOW. C. Service Level Agreements 1. Basics Review these embedded samples of single tier and multiple tier SLAs. Each SLA should establish parameters with targets that set appropriate objectives or ranges and measure the Contractor’s performance: a. Clear-cut and unambiguous parameters must contain performance objective(s), Data sources, Data fields’ collection times and frequency, and responsibility for Data collection, etc. b. Will Data be placed in separate tiers (see definitions) that will use the same parameters but have different targets? c. Aspects of performance to consider include: number of incidents, severity of incidents, time between incidents, timeliness of incident reporting, and incident resolution times. d. Parameters must support business needs.
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 3 09/03/14 e. Each SLA parameter may have a single number target or target a performance range and may include a minimum performance target. Failure to meet the minimum performance target may result in termination of the contract. f. How critical is it for the service target to be achieved on specific days or dates, and/or at specific times? g. How critical is it for the service target to occur for a given percent of time? h. How critical is it for the service to recover from failure, and in what timeframe? i. Consider and codify how these ranges and targets mesh with remedies or termination. 2. Terms The performance of the Contractor’s service must be measured to ensure quality. Examples of parameters and targets include: a. Availability – The percentage of time the service and Data will be functional and available to the State of the total time the system is supposed to be operational (excludes agreed upon downtime). The Special Provisions allow for a carve out for #2 SaaS Availability and #3 Data Availability. b. Times and/or days (8x5, 24x7, etc.) when SaaS is available. c. Support – Times or days of access (8x5, 24x7, etc.), support personnel qualifications, support personnel dropped calls, etc. d. Error Correction – The amount of time that elapses between when an error is reported to the Contractor and the time when the Contractor has corrected. e. Latency – Determine what latency is acceptable and remedies for failure to perform. f. “Recovery Time Objective (RTO)” – Determine the period of time within which information technology services, systems, applications and functions must be recovered following an unplanned interruption. g. “Recovery Point Objective (RPO)” - The Recovery Point Objective is expressed as a length of time between the interruption and the most proximate backup of Data immediately preceding the interruption. The RPO must be defined in the SLA. h. Other SLA Parameters – It is important to consider and codify any additional aspects of service that may be critical to State’s specific needs. 3. Definitions SLA Definitions provide additional clarifications or limitations regarding how service is calculated or measured, including what can be included or excluded. Definitions include but are not limited to: i. Availability – The percent time that service and Data will be functional and available to the State of the total time the system is supposed to be operational (excludes agreed upon downtime The Special Provisions allow for a carve out for #2 SaaS Availability and #3 Data Availability. a. Scheduled Maintenance – Specifically state the days and hours when the system may be unavailable for maintenance. Ensure that maintenance occurs during periods of little or no demand. This time is excluded from the calculation of Availability in the SLAs. b. Calculations – Specific formulas, including examples, of how any given SLA is to be calculated to remove ambiguity regarding whether or not an SLA has been met. c. Recovery Time Objective – (see Cloud Computing SaaS Special Provisions) The duration of time and service level within which service must be restored after a disruption.
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 4 09/03/14 d. Recovery Point Objective – (see Cloud Computing SaaS Special Provisions) The point in time to which Data must be recovered subsequent to a disaster or other disruption in service. For example, if the RPO is two hours, when a system is brought back on-line after a disaster, all Data must be restored to a point within two hours before the disaster. e. Latency - is a measure of the speed of the system. See definitions for more detail. 4. Reporting This section contains ideas for how a Contractor’s measured performance for a given SLA is reported to the State. The reporting methodology is determined by the business needs for each specific SLA. Identify whether the State or Contractor is responsible for each report. Options to consider include: a. Reports on demand with real-time information using the Contractor’s online reports. b. Reports published per schedule (i.e. daily, weekly, monthly, etc.). c. Event based reporting. d. The State’s rights to review the Contractors records related to the service level measurements. 5. Consequences of failure to perform Determine remedies to be applied if the minimum SLA is not met. Some examples include: a. Describe exigencies applied to a Contractor in the event of a missed SLA. These often take the form of financial disincentives, but there are other forms of remedies. b. A decrease in the agreed payment for using the service, i.e., a direct financial sanction (see Table 1). c. A reduction in price along with additional compensation for subsequent use. d. A reduction in usage of service. e. Require an executive of Contractor to personally present explanations for missed SLAs to State’s management. f. Potential disqualification of Contractor from future contracts with the State. g. Contractor’s obligations to analyze the root cause(s) of a problem and corrective action required to prevent recurrence. h. Contractor is required to put in place corrective actions identified as a result of the root cause analysis. i. Remedies – Describe the effects in the event of a failure to meet an SLA performance target or other failure. Effects often take the form of financial disincentives, but there are other forms of possible remedies: 1. A decrease in the agreed payment for using the service, i.e., a direct financial sanction (see Table 1), 2. A reduction in price along with additional compensation for subsequent use, 3. A reduction in usage of service, 4. Require an executive of Contractor to personally present explanations for missed SLAs to State’s management, 5. Potential disqualification of Contractor from future contracts with the State. j. Assessing/Applying Financial exigencies – Determine: 1. How such remedies are calculated, 2. What portion of the total fees paid is eligible, 3. How fees will be provided to the State (credit, refund, etc.) and 4. Any limits on the total amounts?
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 5 09/03/14 k. There are other potential remedies – Consider a statement that financial exigencies are not the State’s exclusive remedy for repeated SLA failures, reserving State right to seek all damages permitted by law. l. Repeated SLA Failures – In the event that the Contractor repeatedly fails to meet one or more SLAs (e.g., Failure to meet minimum stated SLA requirements in three (3) of any twelve (12) consecutive months), Contractor is considered to be in material breach of the agreement. m. What event triggers a remedy? Is it a complete outage, or a specific level of performance failure? On what timeframe? n. Who initiates the remedy? What is the State’s process? If Contractor, what are the State’s rights to audit? Table 1 Example of Remuneration to the State for missed Availability target Target 15% Credit 25% Credit 35% Credit Monthly Availability 99.9% 99.0% to 99.8% 98.5% to 98.9% 98.0% to 98.4% D. Contractor 1. Costs Codify costs related to continuing use of the service at current levels as well as changes in volume. a. Costs for the State to continue using the service in subsequent renewal years. It is the State’s benefit to cap such cost at the lesser of: a specific Consumer Price Index, a set percentage, what the Contractor charges others, or the Contractor’s list price, for as long a period going forward as possible. Note: for some types of service, the Contractor’s costs decrease with time and an automatic increase would not be appropriate. b. Cost per unit to expand current usage volume, including additional volume discount tiers, if any. c. Cost per unit changes resulting from a decrease in State volume, d. Minimum purchase volume commitments, if any. e. Minimum contract periods, if any. f. Costs for special services (Electronic Discovery, additional storage, transition services, etc.). 2. Functionality a. Description of functionality being acquired, including the end result that is supposed to be achieved, as opposed to merely a product name. b. Determine the State’s rights to replacement products providing similar functionality under a new name, if any. 3. Outsourcing a. Identify any contracted functionality that Contractor outsources to a third party. b. For any functionalities that Contractor has outsourced, Contractor must identify the third party they’ve outsourced to. c. Ongoing responsibilities of Contractor in relation to outsourced Functionality. d. Obligations of third parties in relation to outsourced functionality.
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 6 09/03/14 4. Compliance with Laws and Standards (see Special Provisions) State any laws with which the Contractor is obligated to comply. Some examples include: a. U.S. Laws (e. HIPAA, Sarbanes-Oxley, FERPA, etc.), b. State Laws and policies, c. Standards (ex. Payment Card Industry-Data Security Standard, etc.). 5. Storage Limits Determine: a. How much storage is included with the purchase of the cloud services? b. Any caps on how much Data the State may store in Contractor’s cloud. c. The cost per unit to purchase optional increased storage beyond initial buy. 6. Technical Support Identify: a. The geographic location and primary language of personnel providing support. b. Will there be a guarantee of support availability or response time? c. Time zone, hours for support and cost for premium (outside of normal PT) support, if any. d. Which State end users can access support? e. How do State end users access that support (email, phone, etc.)? f. What is the error notification and correction process, including format and time frame(s)? g. How do State end users access the Contractor’s services (ex. Specific web browsers, specific mobile devices, etc.)? h. Determine the minimum timeframe within which Contractor must notify the State prior to making changes to existing technical access requirements. E. Transition Eventually the contract will end. Data may have to be transitioned to another Contractor. This may require Data transition to the State and then on to another Contractor or directly from one Contractor to another. The transition period should be scheduled within the timeframe of the contract prior to conclusion. Transition will be required if the contract is prematurely terminated. The Special Provisions include carve out #8-Transition Period. Determine: a. How the Data will be transferred prior to conclusion of contract. b. The length of the transition period. c. After successful transfer of Data, how the Contractor will ensure that all Data under Contractor’s control has been destroyed or rendered inaccessible. F. Examination and Audit Determine if your department’s business needs require modifications to carve out for #11- Examination and Audit of the Special Provisions (SaaS). Specify those modifications in the SOW.
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 7 09/03/14 G. Definitions Application programming interface (API) specifies how some software components should interact with each other. In practice, many times an API comes in the form of a library that includes specifications for routines, Data structures, object classes, and variables. Confidential Information: Information maintained by state agencies that is exempt from disclosure under the provisions of the California Public Records Act (Government Code Sections 6250 et seq.) or other applicable state or federal laws. See SAM Section 5300. Electronic discovery refers to discovery in civil litigation or government investigations which deals with the exchange of information in electronic format. These Data are subject to local rules and agreed-upon processes, and are often reviewed for privilege and relevance before being turned over to opposing counsel. FERPA The Family Educational Rights and Privacy Act is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. HIPAA HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information. Latency In a network, latency is a synonym for delay. Latency is used in two major contexts as either one way or as a round trip. One-way latency is measured by counting the total time it takes Data to travel from its source (user) to its destination. Round-trip latency is measured by adding one- way latency from the destination to the time it takes the Data to return from the destination and arrive back at the source (user). Round trip latency can be defined and used in the SLA. Parameter In an SLA, a parameter is a system performance measurement which must be given a specific value. In Table 2, the SLA Latency is a parameter with the target of less than 50 milliseconds. Each parameter should be defined in the SOW. Sometimes a parameters is referred to as an SLA. Table 2 Service Measurement Target Latency <50 MS Sarbanes-Oxley The Sarbanes-Oxley Act (SOX) mandated strict reforms to improve financial disclosures from corporations and prevent accounting fraud.
CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 8 09/03/14 Sensitive Information: Information maintained by state agencies that requires special precautions to protect it from unauthorized modification or deletion. See SAM Section 5300. Sensitive information may be either public or confidential . Service Level Agreement Service Level Agreement or SLA is group of parameters with performance measurement targets which are used to evaluate performance. Sometimes each parameter is called an SLA. Target Each parameter must have an objective or a range of values to gauge performance. In Table 3, the Latency parameter has a target of less than 50 milliseconds. Tiers for Data Separating Data into two or more classifications to enable more selective security/availability for more sensitive Data. For example: information already in the public domain might be categorized tier one Data and costs could be reduced since it would need no encryption. For example, highly confidential personal medical information or social security numbers could be categorized as tier two and be treated more carefully. See table 3 for examples of SLAs with tiered Data. Also see these embedded examples of single tier and multiple tier SLAs. Table 3 SLA Availability Encryption Tier 1 99.0% None Tier 2 99.99% High (e.g., 256 bit at rest, in transit and in use)* *See SAM 5350.1 and SIMM 5305-A.

Recommended

SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...
SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...
SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...Oliver Barreto RodrĂ­guez
 
Business Continuity Plan V5
Business Continuity Plan V5Business Continuity Plan V5
Business Continuity Plan V5Rick Percuoco
 
ProfitBricks-white-paper-Disaster-Recovery-US
ProfitBricks-white-paper-Disaster-Recovery-USProfitBricks-white-paper-Disaster-Recovery-US
ProfitBricks-white-paper-Disaster-Recovery-USMudia Akpobome
 
Data warehouse system
Data warehouse systemData warehouse system
Data warehouse systemKhaled Darweesh
 
Managing Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudManaging Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudCloudBees
 
ESA and the Cloud
ESA and the CloudESA and the Cloud
ESA and the CloudNetcetera
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30This account is closed
 
Contract Management In the Cloud
Contract Management In the CloudContract Management In the Cloud
Contract Management In the CloudVivastream
 

Recommended

SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...
SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...
SLALOM Webinar Final Technical Outcomes Explanined "Using the SLALOM Technica...Oliver Barreto RodrĂ­guez
 
Business Continuity Plan V5
Business Continuity Plan V5Business Continuity Plan V5
Business Continuity Plan V5Rick Percuoco
 
ProfitBricks-white-paper-Disaster-Recovery-US
ProfitBricks-white-paper-Disaster-Recovery-USProfitBricks-white-paper-Disaster-Recovery-US
ProfitBricks-white-paper-Disaster-Recovery-USMudia Akpobome
 
Data warehouse system
Data warehouse systemData warehouse system
Data warehouse systemKhaled Darweesh
 
Managing Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudManaging Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudCloudBees
 
ESA and the Cloud
ESA and the CloudESA and the Cloud
ESA and the CloudNetcetera
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30This account is closed
 
Contract Management In the Cloud
Contract Management In the CloudContract Management In the Cloud
Contract Management In the CloudVivastream
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Cloud Cheap Assignment Help
Cloud Cheap Assignment HelpCloud Cheap Assignment Help
Cloud Cheap Assignment HelpNicole Valerio
 
Cloud comuting Cheap Assignment Help
Cloud comuting Cheap Assignment HelpCloud comuting Cheap Assignment Help
Cloud comuting Cheap Assignment HelpNicole Valerio
 
A framework for streamlining globally integrated services
A framework for streamlining globally integrated servicesA framework for streamlining globally integrated services
A framework for streamlining globally integrated servicesAli Elkhateb
 
cloud Resilience
cloud Resilience cloud Resilience
cloud Resilience Integral university, India
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationSai P Mishra
 
Yongsan presentation 3
Yongsan presentation 3Yongsan presentation 3
Yongsan presentation 3GovCloud Network
 
Zuora Case Study [Cloud] by Surabhi Ravindra
Zuora Case Study [Cloud] by Surabhi RavindraZuora Case Study [Cloud] by Surabhi Ravindra
Zuora Case Study [Cloud] by Surabhi RavindraSurabhi Ravindra
 
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
2015 Gartner Magic Quadrant Cloud Enabled Managed HostingEvan Blum
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Topic The top 5 details that should be included in your cloud SLA..docx
Topic The top 5 details that should be included in your cloud SLA..docxTopic The top 5 details that should be included in your cloud SLA..docx
Topic The top 5 details that should be included in your cloud SLA..docxjuliennehar
 
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...Oliver Barreto RodrĂ­guez
 
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On DemandS299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On DemandKate Haughton
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
step on cloud payments
step on cloud paymentsstep on cloud payments
step on cloud paymentssethnainaa
 
step on cloud payments
step on cloud paymentsstep on cloud payments
step on cloud paymentsdrishtipuro1234
 
Moving to the cloud
Moving to the cloudMoving to the cloud
Moving to the cloudPedro Alexander Romero Tortosa
 
Migration approachquestionnaire checklist
Migration approachquestionnaire checklistMigration approachquestionnaire checklist
Migration approachquestionnaire checklistNandeep Nagarkar
 
Updated mca queries
Updated mca queries Updated mca queries
Updated mca queries Avisek Kundu
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxjasoninnes20
 
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 

More Related Content

Similar to Cloud computing contract checklist modified -- Procurement

Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Cloud Cheap Assignment Help
Cloud Cheap Assignment HelpCloud Cheap Assignment Help
Cloud Cheap Assignment HelpNicole Valerio
 
Cloud comuting Cheap Assignment Help
Cloud comuting Cheap Assignment HelpCloud comuting Cheap Assignment Help
Cloud comuting Cheap Assignment HelpNicole Valerio
 
A framework for streamlining globally integrated services
A framework for streamlining globally integrated servicesA framework for streamlining globally integrated services
A framework for streamlining globally integrated servicesAli Elkhateb
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationSai P Mishra
 
Yongsan presentation 3
Yongsan presentation 3Yongsan presentation 3
Yongsan presentation 3GovCloud Network
 
Zuora Case Study [Cloud] by Surabhi Ravindra
Zuora Case Study [Cloud] by Surabhi RavindraZuora Case Study [Cloud] by Surabhi Ravindra
Zuora Case Study [Cloud] by Surabhi RavindraSurabhi Ravindra
 
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
2015 Gartner Magic Quadrant Cloud Enabled Managed HostingEvan Blum
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Topic The top 5 details that should be included in your cloud SLA..docx
Topic The top 5 details that should be included in your cloud SLA..docxTopic The top 5 details that should be included in your cloud SLA..docx
Topic The top 5 details that should be included in your cloud SLA..docxjuliennehar
 
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...Oliver Barreto RodrĂ­guez
 
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On DemandS299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On DemandKate Haughton
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
step on cloud payments
step on cloud paymentsstep on cloud payments
step on cloud paymentssethnainaa
 
step on cloud payments
step on cloud paymentsstep on cloud payments
step on cloud paymentsdrishtipuro1234
 
Migration approachquestionnaire checklist
Migration approachquestionnaire checklistMigration approachquestionnaire checklist
Migration approachquestionnaire checklistNandeep Nagarkar
 
Updated mca queries
Updated mca queries Updated mca queries
Updated mca queries Avisek Kundu
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxjasoninnes20
 

Similar to Cloud computing contract checklist modified -- Procurement (20)

Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Cloud Cheap Assignment Help
Cloud Cheap Assignment HelpCloud Cheap Assignment Help
Cloud Cheap Assignment Help
 
Cloud comuting Cheap Assignment Help
Cloud comuting Cheap Assignment HelpCloud comuting Cheap Assignment Help
Cloud comuting Cheap Assignment Help
 
A framework for streamlining globally integrated services
A framework for streamlining globally integrated servicesA framework for streamlining globally integrated services
A framework for streamlining globally integrated services
 
cloud Resilience
cloud Resilience cloud Resilience
cloud Resilience
 
Hybrid Cloud and Its Implementation
Hybrid Cloud and Its ImplementationHybrid Cloud and Its Implementation
Hybrid Cloud and Its Implementation
 
Yongsan presentation 3
Yongsan presentation 3Yongsan presentation 3
Yongsan presentation 3
 
Zuora Case Study [Cloud] by Surabhi Ravindra
Zuora Case Study [Cloud] by Surabhi RavindraZuora Case Study [Cloud] by Surabhi Ravindra
Zuora Case Study [Cloud] by Surabhi Ravindra
 
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
2015 Gartner Magic Quadrant Cloud Enabled Managed Hosting
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the Cloud
 
Topic The top 5 details that should be included in your cloud SLA..docx
Topic The top 5 details that should be included in your cloud SLA..docxTopic The top 5 details that should be included in your cloud SLA..docx
Topic The top 5 details that should be included in your cloud SLA..docx
 
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
SLALOM Webinar Final Legal Outcomes Explanined "Using the SLALOM Contract Ser...
 
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On DemandS299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
S299137 Enterprise Saa S Behind The Operational Scenes Of Oracle Crm On Demand
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
step on cloud payments
step on cloud paymentsstep on cloud payments
step on cloud payments
 
step on cloud payments
step on cloud paymentsstep on cloud payments
step on cloud payments
 
Moving to the cloud
Moving to the cloudMoving to the cloud
Moving to the cloud
 
Migration approachquestionnaire checklist
Migration approachquestionnaire checklistMigration approachquestionnaire checklist
Migration approachquestionnaire checklist
 
Updated mca queries
Updated mca queries Updated mca queries
Updated mca queries
 
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docxBoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
BoardSprintUser Story ScenarioDesignDevelopmentTestUAT Release1U .docx
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisDavid Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterDavid Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityDavid Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartDavid Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentDavid Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTDavid Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackDavid Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTDavid Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionDavid Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanDavid Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSDavid Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Cloud computing contract checklist modified -- Procurement

  • 1. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 1 09/03/14 The following checklist contains key points, which must be considered when soliciting Cloud Computing Software as a Service (SaaS) pursuant to TechnologyLetter 14-04 and the Cloud Computing Special Provisions SaaS (SP). When decisions regarding these key points have been fully developed, the statement of work (SOW) can then be drafted. The SOW may modify Sections 2, 3, 6, 8 (subsections), 9, 10 and 11 of the Special Provisions. These modifications are referred to as carve outs. Definition of terms is located at the conclusion of this checklist. A. Data 1. Classification and Categorization Classification and Categorization of the department’s Data are the critical first steps. The sensitivity of the Data helps to determine the parameters and targets for the Service Level Agreement(s) (SLAs), security, encryption, etc. Data may be separated into different levels (tiers) based on law/sensitivity/confidentiality. You must comply with SAM 5305.5 and review this link: Classification and Categorization. 2. Basics Determine: a. The format in which the State Data is to be provided to the Contactor. b. The State’s rights to any Contractor application programming interfaces required in order to access Data. c. What are the State’s rights to test Data access processes? d. Roles and responsibilities for State and Contractor for installation and configuration. e. Rights to and ownership of Data per Special Provisions #7-Rights to Data. 3. Data Breach The Special Provisions include a carve out for #9-Data Breach. This allows for modification of the Special Provisions if you have a business requirement. Determine: a. Whether to treat breaches differently depending upon the Data that will be stored (public or sensitive Data, HIPAA, Personally identifiable information, Payment Card Industry, etc.). b. What (circumstances, type of Data, etc.) should be included in the breach notifications in addition to those listed in Section 9a in the Cloud Computing Special Provisions SaaS. c. Contractor compliance, where applicable, with Social Security Administration Document Electronic Information Exchange Security Requirement and Procedures for State and Local Agencies Exchanging Electronic Information with the Social Security Administration, security provisions in IRS Publication 1075, HIPAA, Health Information Technology for Economic and Clinical Health Act, Criminal Justice Information Services Security Policy or FedRamp (federal funds involved). 4. Locations The department should identify: a. The location(s) of the Contractor Data center(s) where State Data will be processed or stored. The Special Provisions include a carve out for #6-Data Location. Will Contactor data center locations be within the parameters of your department’s Disaster Recovery Plan? The Special Provisions allow for a carve out for #10- Disaster Recovery/Business Continuity.
  • 2. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 2 09/03/14 b. Ensure that the physical location of the data center where the Data is stored is within the continental United States, and remote access to Data from outside the continental United States is prohibited unless approved in advance by the State Chief Information Security Officer. c. The location of the Contractor’s headquarters. d. The distance of Contractor data center(s) from closest main internet network hub (may affect performance). e. The Contractor’s obligation to notify the State of any location changes to Contractor’s data center(s) (that will process or store State Data), or Contractor’s headquarters. f. Locations of State facilities where users are located (unless location is confidential). g. What geographical limitations, if any, there will be for Data in transit. 5. Information Security Determine responsibilities and obligations related to security of State information: a. Level of Security will be driven by the department’s categorization of Data; b. The State must determine when Data must be encrypted. Data can be encrypted: 1. In use 2. In transit 3. At rest 4. Combinations of 1, 2 or 3 5. All of the above (cost consideration). c. Department must determine who will have access to the encryption key; and any encryption standards the Contractor must follow. d. Contractor’s obligations to encrypt State Data, including level of encryption (128 bit, 256 bit, etc.). See SAM 5350.1 and SIMM 5305-A. e. Identity and Access Management mechanisms, as provided by the Contactor, including alignment with State Identity and Access Management systems, etc. B. Writing the SOW. Having made some decisions regarding your Data, the balance of this checklist will help you to write the SOW for your SaaS solicitation. Use the Cloud Computing Services Special Provisions SaaS and this guidance document for writing an SOW. C. Service Level Agreements 1. Basics Review these embedded samples of single tier and multiple tier SLAs. Each SLA should establish parameters with targets that set appropriate objectives or ranges and measure the Contractor’s performance: a. Clear-cut and unambiguous parameters must contain performance objective(s), Data sources, Data fields’ collection times and frequency, and responsibility for Data collection, etc. b. Will Data be placed in separate tiers (see definitions) that will use the same parameters but have different targets? c. Aspects of performance to consider include: number of incidents, severity of incidents, time between incidents, timeliness of incident reporting, and incident resolution times. d. Parameters must support business needs.
  • 3. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 3 09/03/14 e. Each SLA parameter may have a single number target or target a performance range and may include a minimum performance target. Failure to meet the minimum performance target may result in termination of the contract. f. How critical is it for the service target to be achieved on specific days or dates, and/or at specific times? g. How critical is it for the service target to occur for a given percent of time? h. How critical is it for the service to recover from failure, and in what timeframe? i. Consider and codify how these ranges and targets mesh with remedies or termination. 2. Terms The performance of the Contractor’s service must be measured to ensure quality. Examples of parameters and targets include: a. Availability – The percentage of time the service and Data will be functional and available to the State of the total time the system is supposed to be operational (excludes agreed upon downtime). The Special Provisions allow for a carve out for #2 SaaS Availability and #3 Data Availability. b. Times and/or days (8x5, 24x7, etc.) when SaaS is available. c. Support – Times or days of access (8x5, 24x7, etc.), support personnel qualifications, support personnel dropped calls, etc. d. Error Correction – The amount of time that elapses between when an error is reported to the Contractor and the time when the Contractor has corrected. e. Latency – Determine what latency is acceptable and remedies for failure to perform. f. “Recovery Time Objective (RTO)” – Determine the period of time within which information technology services, systems, applications and functions must be recovered following an unplanned interruption. g. “Recovery Point Objective (RPO)” - The Recovery Point Objective is expressed as a length of time between the interruption and the most proximate backup of Data immediately preceding the interruption. The RPO must be defined in the SLA. h. Other SLA Parameters – It is important to consider and codify any additional aspects of service that may be critical to State’s specific needs. 3. Definitions SLA Definitions provide additional clarifications or limitations regarding how service is calculated or measured, including what can be included or excluded. Definitions include but are not limited to: i. Availability – The percent time that service and Data will be functional and available to the State of the total time the system is supposed to be operational (excludes agreed upon downtime The Special Provisions allow for a carve out for #2 SaaS Availability and #3 Data Availability. a. Scheduled Maintenance – Specifically state the days and hours when the system may be unavailable for maintenance. Ensure that maintenance occurs during periods of little or no demand. This time is excluded from the calculation of Availability in the SLAs. b. Calculations – Specific formulas, including examples, of how any given SLA is to be calculated to remove ambiguity regarding whether or not an SLA has been met. c. Recovery Time Objective – (see Cloud Computing SaaS Special Provisions) The duration of time and service level within which service must be restored after a disruption.
  • 4. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 4 09/03/14 d. Recovery Point Objective – (see Cloud Computing SaaS Special Provisions) The point in time to which Data must be recovered subsequent to a disaster or other disruption in service. For example, if the RPO is two hours, when a system is brought back on-line after a disaster, all Data must be restored to a point within two hours before the disaster. e. Latency - is a measure of the speed of the system. See definitions for more detail. 4. Reporting This section contains ideas for how a Contractor’s measured performance for a given SLA is reported to the State. The reporting methodology is determined by the business needs for each specific SLA. Identify whether the State or Contractor is responsible for each report. Options to consider include: a. Reports on demand with real-time information using the Contractor’s online reports. b. Reports published per schedule (i.e. daily, weekly, monthly, etc.). c. Event based reporting. d. The State’s rights to review the Contractors records related to the service level measurements. 5. Consequences of failure to perform Determine remedies to be applied if the minimum SLA is not met. Some examples include: a. Describe exigencies applied to a Contractor in the event of a missed SLA. These often take the form of financial disincentives, but there are other forms of remedies. b. A decrease in the agreed payment for using the service, i.e., a direct financial sanction (see Table 1). c. A reduction in price along with additional compensation for subsequent use. d. A reduction in usage of service. e. Require an executive of Contractor to personally present explanations for missed SLAs to State’s management. f. Potential disqualification of Contractor from future contracts with the State. g. Contractor’s obligations to analyze the root cause(s) of a problem and corrective action required to prevent recurrence. h. Contractor is required to put in place corrective actions identified as a result of the root cause analysis. i. Remedies – Describe the effects in the event of a failure to meet an SLA performance target or other failure. Effects often take the form of financial disincentives, but there are other forms of possible remedies: 1. A decrease in the agreed payment for using the service, i.e., a direct financial sanction (see Table 1), 2. A reduction in price along with additional compensation for subsequent use, 3. A reduction in usage of service, 4. Require an executive of Contractor to personally present explanations for missed SLAs to State’s management, 5. Potential disqualification of Contractor from future contracts with the State. j. Assessing/Applying Financial exigencies – Determine: 1. How such remedies are calculated, 2. What portion of the total fees paid is eligible, 3. How fees will be provided to the State (credit, refund, etc.) and 4. Any limits on the total amounts?
  • 5. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 5 09/03/14 k. There are other potential remedies – Consider a statement that financial exigencies are not the State’s exclusive remedy for repeated SLA failures, reserving State right to seek all damages permitted by law. l. Repeated SLA Failures – In the event that the Contractor repeatedly fails to meet one or more SLAs (e.g., Failure to meet minimum stated SLA requirements in three (3) of any twelve (12) consecutive months), Contractor is considered to be in material breach of the agreement. m. What event triggers a remedy? Is it a complete outage, or a specific level of performance failure? On what timeframe? n. Who initiates the remedy? What is the State’s process? If Contractor, what are the State’s rights to audit? Table 1 Example of Remuneration to the State for missed Availability target Target 15% Credit 25% Credit 35% Credit Monthly Availability 99.9% 99.0% to 99.8% 98.5% to 98.9% 98.0% to 98.4% D. Contractor 1. Costs Codify costs related to continuing use of the service at current levels as well as changes in volume. a. Costs for the State to continue using the service in subsequent renewal years. It is the State’s benefit to cap such cost at the lesser of: a specific Consumer Price Index, a set percentage, what the Contractor charges others, or the Contractor’s list price, for as long a period going forward as possible. Note: for some types of service, the Contractor’s costs decrease with time and an automatic increase would not be appropriate. b. Cost per unit to expand current usage volume, including additional volume discount tiers, if any. c. Cost per unit changes resulting from a decrease in State volume, d. Minimum purchase volume commitments, if any. e. Minimum contract periods, if any. f. Costs for special services (Electronic Discovery, additional storage, transition services, etc.). 2. Functionality a. Description of functionality being acquired, including the end result that is supposed to be achieved, as opposed to merely a product name. b. Determine the State’s rights to replacement products providing similar functionality under a new name, if any. 3. Outsourcing a. Identify any contracted functionality that Contractor outsources to a third party. b. For any functionalities that Contractor has outsourced, Contractor must identify the third party they’ve outsourced to. c. Ongoing responsibilities of Contractor in relation to outsourced Functionality. d. Obligations of third parties in relation to outsourced functionality.
  • 6. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 6 09/03/14 4. Compliance with Laws and Standards (see Special Provisions) State any laws with which the Contractor is obligated to comply. Some examples include: a. U.S. Laws (e. HIPAA, Sarbanes-Oxley, FERPA, etc.), b. State Laws and policies, c. Standards (ex. Payment Card Industry-Data Security Standard, etc.). 5. Storage Limits Determine: a. How much storage is included with the purchase of the cloud services? b. Any caps on how much Data the State may store in Contractor’s cloud. c. The cost per unit to purchase optional increased storage beyond initial buy. 6. Technical Support Identify: a. The geographic location and primary language of personnel providing support. b. Will there be a guarantee of support availability or response time? c. Time zone, hours for support and cost for premium (outside of normal PT) support, if any. d. Which State end users can access support? e. How do State end users access that support (email, phone, etc.)? f. What is the error notification and correction process, including format and time frame(s)? g. How do State end users access the Contractor’s services (ex. Specific web browsers, specific mobile devices, etc.)? h. Determine the minimum timeframe within which Contractor must notify the State prior to making changes to existing technical access requirements. E. Transition Eventually the contract will end. Data may have to be transitioned to another Contractor. This may require Data transition to the State and then on to another Contractor or directly from one Contractor to another. The transition period should be scheduled within the timeframe of the contract prior to conclusion. Transition will be required if the contract is prematurely terminated. The Special Provisions include carve out #8-Transition Period. Determine: a. How the Data will be transferred prior to conclusion of contract. b. The length of the transition period. c. After successful transfer of Data, how the Contractor will ensure that all Data under Contractor’s control has been destroyed or rendered inaccessible. F. Examination and Audit Determine if your department’s business needs require modifications to carve out for #11- Examination and Audit of the Special Provisions (SaaS). Specify those modifications in the SOW.
  • 7. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 7 09/03/14 G. Definitions Application programming interface (API) specifies how some software components should interact with each other. In practice, many times an API comes in the form of a library that includes specifications for routines, Data structures, object classes, and variables. Confidential Information: Information maintained by state agencies that is exempt from disclosure under the provisions of the California Public Records Act (Government Code Sections 6250 et seq.) or other applicable state or federal laws. See SAM Section 5300. Electronic discovery refers to discovery in civil litigation or government investigations which deals with the exchange of information in electronic format. These Data are subject to local rules and agreed-upon processes, and are often reviewed for privilege and relevance before being turned over to opposing counsel. FERPA The Family Educational Rights and Privacy Act is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. HIPAA HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information. Latency In a network, latency is a synonym for delay. Latency is used in two major contexts as either one way or as a round trip. One-way latency is measured by counting the total time it takes Data to travel from its source (user) to its destination. Round-trip latency is measured by adding one- way latency from the destination to the time it takes the Data to return from the destination and arrive back at the source (user). Round trip latency can be defined and used in the SLA. Parameter In an SLA, a parameter is a system performance measurement which must be given a specific value. In Table 2, the SLA Latency is a parameter with the target of less than 50 milliseconds. Each parameter should be defined in the SOW. Sometimes a parameters is referred to as an SLA. Table 2 Service Measurement Target Latency <50 MS Sarbanes-Oxley The Sarbanes-Oxley Act (SOX) mandated strict reforms to improve financial disclosures from corporations and prevent accounting fraud.
  • 8. CLOUD COMPUTING CONTRACT CHECKLIST for SOFTWARE AS A SERVICE DGS Procurement Division Page 8 09/03/14 Sensitive Information: Information maintained by state agencies that requires special precautions to protect it from unauthorized modification or deletion. See SAM Section 5300. Sensitive information may be either public or confidential . Service Level Agreement Service Level Agreement or SLA is group of parameters with performance measurement targets which are used to evaluate performance. Sometimes each parameter is called an SLA. Target Each parameter must have an objective or a range of values to gauge performance. In Table 3, the Latency parameter has a target of less than 50 milliseconds. Tiers for Data Separating Data into two or more classifications to enable more selective security/availability for more sensitive Data. For example: information already in the public domain might be categorized tier one Data and costs could be reduced since it would need no encryption. For example, highly confidential personal medical information or social security numbers could be categorized as tier two and be treated more carefully. See table 3 for examples of SLAs with tiered Data. Also see these embedded examples of single tier and multiple tier SLAs. Table 3 SLA Availability Encryption Tier 1 99.0% None Tier 2 99.99% High (e.g., 256 bit at rest, in transit and in use)* *See SAM 5350.1 and SIMM 5305-A.