Service level agreement (SLA) is one the most critical aspect of association of any firm with a cloud vendor. SLA defines what client expects from the vendor in terms of work (deliverables), quality, etc. and what the vendor can expect in return (revenue). It also include legal clauses to safe guard interests of both parties.
We are assuming that if agreement stage has been reached between a client and vendor, the client is very clear on what it expects from the service provider. As hiring a cloud firm is outsourcing of tasks, thus client should be very clear on dependencies which are created because of it. One should be clear if there are service disruptions from the vendor's end what all will be effected and what will be done in such cases. Thus client should be fully aware of operational risk associated with it.
We would not be concentrating on evaluation of cloud needs here. The focus will be on check points to ensure a strong SLA is signed between the two parties. Some critical points:
- Get to know mistakes already done by others: CIOs. or top management should identify mistakes done by other firms engaged in relationships. This can save lot of money and problems in future. It is observed that management of many firms jump into cloud without knowing the downsides and associated issues. Their strategy for cloud thus remains incomplete and in many cases incorrect / in-efficient.
- Audit the cloud vendor before contract is awarded: Many clients do not audit their cloud vendors, this is not a good practice. Even if your vendor is providing same services to many more clients auditing is necessary. It gains more importance if you are looking for customized / specific services. Auditing can include, matching need with infrastructure, past performance with other clients, reference checks, quality reports, downtime reports, etc. It is most important to be sure that your most critical requirements can be met by the provider successfully.
Clear performance parameters: Having clear performance parameters is very important, as if they are not well defined neither penalties or termination clauses can be invoked. Some key performance parameters are:
- Availability / uptime – generally mentioned in percentage of total time. Outage has occurred with even the largest providers too (Amazon in April 2011, Microsoft, etc.), thus it is a very practical problem.
- Security – encryption used for stored and data transmission
- Disaster recovery – what options are available, how safe is data in case of disasters
- Portability – How portable is the data stored to other vendors, in case of contract cancellation. This is of great importance, as if the data is incompatible, it virtually makes you dependent on the vendor with very few options left.
- Compliant with local legislation – depending on where the data is stored, it has to be compliant with its legislation.
- Conflict resolution steps: Clear indication of how a conflict will be resolved. Arising of a conflict is very common especially when the contract is new.
- Penalty clauses: SLAs should have penalty clauses in case of non compliance. The definition of "non- compliance" itself should be clear and measurable. Penalties have to significant to ensure the vendor is serious about meeting requirements.
- Inspection and audit rights: Biggest threat in using cloud is that data / information is stored, processed at a remote location and its security is of prime importance. Thus it is reasonable to expect that the client would like to inspect the premises to ensure the data is in safe hands. Such clauses are also great addition to a SLA
- Clear contract termination conditions: In many cases, penalties might not work, in which case cancelling the contract is the only options. This SLA clause should be framed carefully to ensure you can steer clear and with no liabilities. Many firms fail to put or include a weak termination clause, which not only encourages vendor to take undue advantage but also leads to legal risks later.
If the above mentioned points are taken care of while developing SLA for cloud, there is a higher possibility that the engagement between client and vendor will be mutually beneficial.