llpc csa ny presentation sla

Upload: john-bertoli

Post on 04-Apr-2018


  • 7/29/2019 LLPC CSA NY Presentation SLA


    DISCLAIMER

    This discussion does not constitute legal advice and this presentation does not establish an attorney-client relationship. But you knew that anyway.

    These remarks do not necessarily reflect the position of the Cloud Security Alliance or the New York Metro Chapter of the Cloud Security Alliance, or of any of the clients of Laberee Law PC.

    (C) 2012 LABEREE LAW PC


    SERVICE LEVEL AGREEMENTS

    What is a Service Level Agreement?

    What Service?

    What Level?

    Is it an agreement?

    Is there just one SLA out there?

    So . . . we just have to find it, sign it and we are done? . . . Right? . . . . Right? . . . .


    CONSTITUENCIES . . .

    I.T. Department

    Enterprise / Company

    Company's Customers

    Company's Customers' Customers

    Regulatory Bodies / Government

    Company's Employees

    Risk Management group within Company

    Company's Owners

    Company's Management


    . . . . AND WHAT THEY CARE ABOUT

    Delivering good service. Jobs and budgets. Technical success and efficiency. Security.

    Perform core business functions with maximum profit and long-term stability and value. Usually NOT I.T.

    Getting service - - better, faster, cheaper. Often NOT I.T.

    Effectiveness. Results. Avoidance of delay, loss or other pain. Removed from immediate tactical goals of Company's IT department. NOT Company's IT problems.

    Compliance. Privacy. Protection of Network and shared resources and the commons, including security. Enforcement of non-I.T. laws.

    Support and resource. Keeping jobs and looking good. Privacy.

    No losses, no lawsuits, no increase in compliance costs, no insurance claims.

    Short- and mid-term Profits and long term value.

    Employment and compensation. Company performance. Usually I.T. as a means, not end.


    SLA CONSTITUENCIES GAME - - MIX AND MATCH!

    I.T. Department

    Enterprise / Company

    Company's Customers

    Company's Customers' Customers

    Regulatory Bodies / Government

    Company's Employees

    Risk Management group within Company

    Company's Owners

    Company's Management

    Delivering good service. Jobs and budgets. Technical success and efficiency. Security.

    Perform core business functions with maximum profit and long-term stability and value. Usually NOT I.T.

    Getting service - - better, faster, cheaper. Often NOT I.T.

    Effectiveness. Results. Avoidance of delay, loss or other pain. Removed from immediate tactical goals of Company's IT department. NOT Company's IT problems.

    Compliance. Privacy. Protection of Network and shared resources and the commons, including security. Enforcement of non-I.T. laws.

    Support and resource. Keeping jobs and looking good. Privacy.

    No losses, no lawsuits, no increase in compliance costs, no insurance claims.

    Short- and mid-term Profits and long term value.

    Employment and compensation. Company performance. Usually I.T. as a means, not end.


    SO WHAT DOES AN SLA USUALLY COVER

    Techies embrace them . . . lawyers love them . . . sales staff hate them . . . customers ignore them . . . . so . . . .

    Intended to be legally binding agreement

    Establish uptime and service levels for one business to provide cloud-based service and capacity to another business

    What service?

    What level? Level of what?

    Who drafted this SLA anyway?


    SLAS HAVE ABOUT 7 ELEMENTS, OR NUGGETS, WHICH BEAR CONSIDERATION WHEN PREPARING, REVIEWING, EXECUTING, PERFORMING UNDER OR ALLOCATING RESPONSIBILITY UNDER:

    1. Identification of parties. Who will be legally bound. Who is the provider and who is the recipient?

    2. Term; Length of time during which the parties are bound.

    3. Performance metrics.

    4. Defined terms. Infuses the performance metrics.

    5. Exceptions or failures of performance. Remediation, correction ( . . . but rarely remedies or damages in the lawyer's sense).

    6. Process for identifying exceptions or failures and prosecuting remediation or correction and claims-making.

    7. Exclusions. Re-allocation of responsibility. Not-my-fault.


    LINGO DANGERS

    Consider the reliance, the comfort that users of contracts, including SLAs, get - - perhaps unduly - - from nuggets like these in their contracts . . . . (all terms in air quotes with a smart-alec look):

    Core components

    Best efforts

    Industry standard

    Best of breed

    Best practices

    Error Rate

    Request (or some other term for customer trying to get stuff

    Material . . . Substantial


    GENERAL ARCHITECTURE OF A CLOUD PROVIDER SLA.

    Description of Services; some defined terms

    Reference to (if not description of) maintenance, scheduled downtime, notice of maintenance.

    Provider's commitment to uptime

    Reporting

    Remedies - - often too grand a word - - it may be simply a credit for loss of uptime. Note it may not kick in unless customer asks for it. (How does customer know?) Calculation of credit

    Exclusions: customer equipment or software; customer connectivity; maintenance and similar interruptions after notice; Customer-related human error; old stand bys like force majeure.

    Special contract and liability exclusions: consequential, incidental and punitive damages exclusions.


    IF YOU WOULD LIKE TO TALK IN MORE DETAIL ABOUT SLAS. . . .

    Service Level Agreement

    Network

    Data Center Infrastructure

    Cloud Server Hosts

    Migration

    Credits

    Network

    Data Center Infrastructure

    Cloud Server Hosts

    Migration

    Definitions

    Limitations


    TERMS OF USE TOPICS

    Cloud Terms of Service

    Defined Terms

    [provider]'s Obligations and [customer]'s Obligations

    Access to the Services

    Access to Data

    Unauthorized Access to Your Data or Use of the Services

    Disclaimers

    Term

    Fees

    Limitation on Damages

    Indemnification

    No High Risk Use
