Roundtable: Best Practice for Cloud Sourcing Daniel Shap, Managing Counsel CIBC Dr Sam De Silva, Partner, Penningtons Manches LLP.

1 Roundtable: Best Practice for Cloud Sourcing Daniel Shap, Managing Counsel CIBC Dr Sam De Silva, Partner, Penningtons Manches LLP

2 Workload risk profile Deployment model Contractual framework Cost savings / efficiencies Lower Private Robust Less Higher More “Boilerplate” Public

3 typical public cloud contract y - axis = total number of workloads

4 19th Annual Canadian IT Law Association Conference, Toronto, 26-27 October 2015 Roundtable: Best Practice for Cloud Sourcing Dr Sam De Silva, Partner, Head of the IT & Outsourcing Group, Penningtons Manches LLP, Oxford, UK

5 Outline
• Procurement approach
• Understanding service categories / deployment methods
• Best practice for due diligence
• Enterprise cloud strategy
• Key legal and commercial issues
• EU Expert Group: Cloud Service Level Agreement Standardisation Guidelines

6 Procurement Approach
• “Negotiating” approach
• Standard commoditised offering, therefore limited flexibility or ability to change
  – focus on key areas of risk – “devil is in the detail”
  – contract evaluation should be a key part of provider selection
• Risk assessment exercise is crucial
  – need to ensure proper contract evaluation is carried out
  – evaluation needs to be documented/audit trail
  – where risk is identified – how has that risk been mitigated/managed?
• Role of Integrators

7 Service Categories / Deployment Modes
• Service categories
  – SaaS
  – IaaS
  – PaaS
  – XaaS?
• Deployment models
  – Public
  – Community
  – Private
  – Hybrid

8 Best Practice For Due Diligence
Financial, Commercial & Legal | Technology and Operations | Customer Interviews
Risk management:
• past disputes, investigation, litigation and security breaches
• legal and regulatory compliance
• evaluation of internal controls
• review of business continuity plan
• analysis of third-party and other exposure
• review of client prioritization
• insurance coverage
General capability overview:
• security, intrusion detection and prevention systems
• systems management
• help desk
Commercial management:
• overall vendor review
• Achievement of related IT goals
• approach to contract negotiation
• transition planning and effectiveness
• pricing transparency
Project capability overview:
• capacity expansion/allocation requirements (present and future)
• proposed expansion actions
• detailed review of transition planning
Service management:
• efficiency of knowledge, skills
• reporting timeliness and efficiency
• existence and frequency of service credits
Security:
• who owns and controls infrastructure
• deployment and delivery methods
• security controls in place
• physical location of infrastructure elements
• reliability reports
Service delivery:
• overall ability to meet SLAs
• results of customer satisfaction surveys
• SLA achievement during transition
• Ability to meet disaster recovery and business continuity requirements

9 Enterprise Cloud Strategy

10 Risk assessment - Key contractual and legal issues (1)
• Limited supplier obligations
• Limitations and exclusions of liability
• Suspension and termination clauses
• Supplier lock-in and transitioning
• Regulatory compliance
• Service level agreements
• Supply chain / subcontracting

11 Limited Supplier Obligations
• Typical obligations, warranties or other safeguards of sourcing or hosting contracts are not included in cloud computing contracts
• Due to their commoditised approach, cloud computing contracts typically contain less onerous obligations on the supplier
• Undertake “gap” analysis

12 Liability
• Limiting liability of cloud provider to a level that is not in line with the potential risk
• Risk with limiting the liability of the cloud provider to the amount paid
• Issues include:
  – almost total exclusion of liability
  – limited financial cap
  – exclusion of certain types of loss (e.g. direct losses (US contracts) indirect loss and/or data loss)
  – force majeure definition

13 Suspension or Termination (1)
• “Hair” triggers for service provider suspension and termination rights
• Pitfalls of suspension clauses
  – impact on continuity
  – low barrier for suspension of services/unplanned interruptions
  – minor non-compliance may lead to significant remedy for the supplier
• Termination for convenience by the supplier
  – notice period
  – exit obligations

14 Suspension or Termination (2)
• Termination for convenience by the customer
  – typically cloud computing contracts allow for easy exit for the customer
  – check contracts for termination for convenience because not always the case or such exit does not come cheap
• Risk of cloud provider going out of business or restructuring its service portfolio – data escrow

15 Supplier lock-in and transition
• Usefulness of termination for convenience
• No implied obligation to assist in data transfer and disengagement
• Everything depends on your contractual agreement
• Pricing

16 Regulatory Compliance

17 Service Level Agreements
• Often not part of standard offering
• SLA without “teeth”/targets
• Points of attention:
  – definition of availability
  – how is the availability calculated by the provider?
    • e.g. 10 outages of six minutes versus 1 outage of 1 hour
  – service measurement period

18 Supply Chain / Subcontracting
• Complex supply chain
• Limited visibility/control
• Lack of due diligence
• Prior written approval for “key” subcontractors / change of subcontractors
• Scope of services
• Right to “step-in”/direct contract with subcontractors

19 European Cloud Computing Strategy – State of Play

20 Objectives of Expert Group on Cloud Computing Contracts
• Identification of safe and fair contract terms for consumers and small firms
• Consideration of best market practices and Data Protection Directive
• Improving legal framework for cloud computing contracts in order to strengthen confidence
• Working papers: http://ec.europa.eu/justice/contract/cloud-computing/expert-group/index_en.htm

21 Cloud Service Level Agreement Standardisation Guidelines (1)
• Cloud Select Industry Group – Service Level Agreements (C-SIG-SLA)
• Over 100 industry participants
• Published guidelines in June 2014 available: http://ec.europa.eu/digital-agenda/en/news/cloud-service-level-agreement-standardisation-guidelines
• To be tested with users, particularly SMEs
• To be discussed with Expert Group on Cloud Computing Contracts
• Feeding into efforts of international groups - ISO

22 Cloud Service Level Agreement Standardisation Guidelines (2)
• Overview of concepts/definitions
• Series of service level objectives
  – performance
  – security
  – data management
  – personal data protection
• Limitations/challenges
  – guidelines only
  – recommendations from EU
  – no clear thresholds

23 Questions?

