Roundtable: Best Practice for Cloud Sourcing
Daniel Shap, Managing Counsel, CIBC
Dr Sam De Silva, Partner, Penningtons Manches LLP

Presentation transcript:

[Figure: workload risk profile (lower / higher), deployment model (private / public), contractual framework (robust / “boilerplate”), cost savings / efficiencies (less / more)]

[Figure: typical public cloud contract; y-axis = total number of workloads]

19th Annual Canadian IT Law Association Conference, Toronto, October 2015
Roundtable: Best Practice for Cloud Sourcing
Dr Sam De Silva, Partner, Head of the IT & Outsourcing Group, Penningtons Manches LLP, Oxford, UK

Outline
• Procurement approach
• Understanding service categories / deployment methods
• Best practice for due diligence
• Enterprise cloud strategy
• Key legal and commercial issues
• EU Expert Group: Cloud Service Level Agreement Standardisation Guidelines

Procurement Approach
• “Negotiating” approach
• Standard commoditised offering, therefore limited flexibility or ability to change
  – focus on key areas of risk – “devil is in the detail”
  – contract evaluation should be a key part of provider selection
• Risk assessment exercise is crucial
  – need to ensure proper contract evaluation is carried out
  – evaluation needs to be documented/audit trail
  – where risk is identified – how has that risk been mitigated/managed?
• Role of Integrators

Service Categories / Deployment Modes
• Service categories
  – SaaS
  – IaaS
  – PaaS
  – XaaS?
• Deployment models
  – Public
  – Community
  – Private
  – Hybrid

Best Practice For Due Diligence
Financial, Commercial & Legal | Technology and Operations | Customer Interviews
• Risk management: past disputes, investigation, litigation and security breaches; legal and regulatory compliance; evaluation of internal controls; review of business continuity plan; analysis of third-party and other exposure; review of client prioritization; insurance coverage
• General capability overview: security, intrusion detection and prevention systems; systems management; help desk
• Commercial management: overall vendor review; achievement of related IT goals; approach to contract negotiation; transition planning and effectiveness; pricing transparency
• Project capability overview: capacity expansion/allocation requirements (present and future); proposed expansion actions; detailed review of transition planning
• Service management: efficiency of knowledge, skills; reporting timeliness and efficiency; existence and frequency of service credits
• Security: who owns and controls infrastructure; deployment and delivery methods; security controls in place; physical location of infrastructure elements; reliability reports
• Service delivery: overall ability to meet SLAs; results of customer satisfaction surveys; SLA achievement during transition; ability to meet disaster recovery and business continuity requirements

Enterprise Cloud Strategy

Risk assessment - Key contractual and legal issues (1)
• Limited supplier obligations
• Limitations and exclusions of liability
• Suspension and termination clauses
• Supplier lock-in and transitioning
• Regulatory compliance
• Service level agreements
• Supply chain / subcontracting

Limited Supplier Obligations
• Typical obligations, warranties or other safeguards of sourcing or hosting contracts are not included in cloud computing contracts
• Due to their commoditised approach, cloud computing contracts typically contain less onerous obligations on the supplier
• Undertake “gap” analysis

Liability
• Limiting liability of cloud provider to a level that is not in line with the potential risk
• Risk with limiting the liability of the cloud provider to the amount paid
• Issues include:
  – almost total exclusion of liability
  – limited financial cap
  – exclusion of certain types of loss (e.g. direct losses (US contracts), indirect loss and/or data loss)
  – force majeure definition

Suspension or Termination (1)
• “Hair” triggers for service provider suspension and termination rights
• Pitfalls of suspension clauses
  – impact on continuity
  – low barrier for suspension of services/unplanned interruptions
  – minor non-compliance may lead to significant remedy for the supplier
• Termination for convenience by the supplier
  – notice period
  – exit obligations

Suspension or Termination (2)
• Termination for convenience by the customer
  – typically cloud computing contracts allow for easy exit for the customer
  – check contracts for termination for convenience because not always the case or such exit does not come cheap
• Risk of cloud provider going out of business or restructuring its service portfolio – data escrow

Supplier lock-in and transition
• Usefulness of termination for convenience
• No implied obligation to assist in data transfer and disengagement
• Everything depends on your contractual agreement
• Pricing

Regulatory Compliance

Service Level Agreements
• Often not part of standard offering
• SLA without “teeth”/targets
• Points of attention:
  – definition of availability
  – how is the availability calculated by the provider?
    • e.g. 10 outages of six minutes versus 1 outage of 1 hour
  – service measurement period

Supply Chain / Subcontracting
• Complex supply chain
• Limited visibility/control
• Lack of due diligence
• Prior written approval for “key” subcontractors / change of subcontractors
• Scope of services
• Right to “step-in”/direct contract with subcontractors

European Cloud Computing Strategy – State of Play

Objectives of Expert Group on Cloud Computing Contracts
• Identification of safe and fair contract terms for consumers and small firms
• Consideration of best market practices and Data Protection Directive
• Improving legal framework for cloud computing contracts in order to strengthen confidence
• Working papers: computing/expert-group/index_en.htm

Cloud Service Level Agreement Standardisation Guidelines (1)
• Cloud Select Industry Group – Service Level Agreements (C-SIG-SLA)
• Over 100 industry participants
• Published guidelines in June 2014 available: service-level-agreement-standardisation-guidelines
• To be tested with users, particularly SMEs
• To be discussed with Expert Group on Cloud Computing Contracts
• Feeding into efforts of international groups - ISO

Cloud Service Level Agreement Standardisation Guidelines (2)
• Overview of concepts/definitions
• Series of service level objectives
  – performance
  – security
  – data management
  – personal data protection
• Limitations/challenges
  – guidelines only
  – recommendations from EU
  – no clear thresholds

Questions?