In the past few weeks we have explored how cloud computing procurement can go wrong and how an adjusted approach to the same situation can result in a beneficial outcome. However, we ended last week’s post with a disclaimer — there are a number of pitfalls that you must be wary of when entering into a cloud computing contract. Even experienced strategic commissioners can easily find themselves tripped up by somewhat unique cloud computing contract terms.
Because the cloud is still in its infancy, there is very little in the way of cloud case law to reveal whether or not the Courts will reject these contract terms as unreasonable. When combined with a provider’s (unsurprising) unwillingness to concede any express term that is in its favour, you have a recipe for poorly balanced contracts.
With the above in mind, I want to reveal a number of potentially damaging terms that you may find in cloud computing contracts.
Responsibility and Liability in Cloud Computing Contracts
But before I get onto that I first want to outline the key differences between “old world” strategic commissioning contracts and “new world” clickwrap contracts.
Whilst the British legal system can provide help in protecting buyers from onerous contract terms, cloud computing is a brave new world. If you’re not too careful, you can be staring down the the barrel of complete responsibility and liability in service delivery.
In the table below are twelve key contract points (or “risk items”) and the differentiation between “traditional” strategic commissioning contracts and cloud contracts:
|Start your outsourcing partnership on the right foot||1. Clarify your vision
The costs of change. Every time an objective is amended, a poorly considered element of the service is revealed or a service consumer’s perspective differs from that assumed at the outset, there’s likely to be a cost involved. To keep costs down during a project, time invested at the beginning to clarify your vision will keep changes to a minimum. The way to clarify your vision most effectively is to ask the right questions of the right people to gain a clear enough perspective to form a defined view of what outcome you seek from this engagement.
|2. Quantify your objectives
Visions tend to be big picture and benefit-led in nature. Once you know what general direction you need to head off in, you must employ some numeric detail to help you determine where you are on your journey and when you have achieved your objectives. Calculate the relative differences between where you stand today and where you expect to be at a defined point in the future – in other words, what does success look like to you in numeric terms?
|3. Select only the best supplier partner
Only once you know exactly what outcomes you are looking for and the implications of not achieving them, can you explore an early market engagement with potential suppliers. Use this exercise to inform and further draft a requirements document that not only clearly explains what’s expected of a supplier, but starts the process of filtering out those most likely to suit your needs. From this position you’ll also have the insights needed to ask the right questions of your supplier prospects to better determine best fit to achieve your business outcomes.
|4. Define a clear and agreed contract
A contract should be a meeting of minds, a document that starts with everything that’s been agreed and finishes with wording that everyone understands and buys into which will guide the outsourcing partnership through good times and bad. A well negotiated contract is a collaborative document, a fair document and has clarity in layman’s terms. Most importantly, it needs to drive the ‘right behaviours’ between client and supplier. It’s a document that may well need to weather a storm or two along the way and should be strong enough to withstand scrutiny. This is not a static document, but one that should be reviewed and updated at least on a biannual basis to ensure that it is aligned to the realities of the relationship and the environment in which it exists.
|5. Build an Intelligent Client Function (ICF)
You may know them by another name, but we refer to the cross-departmental team of project specialists as the ICF team – the team that is responsible for fostering relationships with their opposite numbers on the supplier side to build bridges, identify challenges on the horizon and realign the mechanisms that impact on trust and productivity. Choose them carefully, listen to their insights and give them the autonomy they need to make sure that the relationships you create with your suppliers are as strong as they can be.
|Optimising the governance and management of your outsourcing partnership for best results||6. Maintain open lines of communication
Misunderstandings over requirements are the single biggest cause of strife within strategic relationships. If you do not understand how your supplier thinks, you cannot hope to communicate at their level and if you are not plugged into your supplier’s grapevine you may miss that there has been a misunderstanding. Good governance is all about spotting issues early enough and how well you are able to communicate the necessary realignment when you have.
|7. Eliminate the vague and ambiguous
A lack of clarity and detail increases the chances of someone in the process misinterpreting what’s expected of them, or, worse still, devaluing the protection you believe you have from documentation that you may rely on for legal recourse at some point. Good communication means more than just people speaking with one another: it’s the capacity for misunderstanding that is afforded by every verbal or written interaction, document and contract that someone may be guided by. So, be careful in your calls and review all your agreements to make sure, as much as is possible, that ambiguities are eliminated.
|8. Change happens, embrace it
It’s important to recognise that for a multitude of reasons change happens in any outsourcing partnership – environmental, political, financial and others – and the capacity you have to adapt to this new reality will impact on the success of your project. Changes, requested or otherwise, need to be identified, justified and quantified. Once agreed they also need to be carefully incorporated within all working documents to ensure that: a) all concerned have a full and complete understanding of what has changed and why alongside their individual responsibilities, and b) that these changes do not have any negative impact on the existing document’s ability to offer guidance and recourse in good times and bad.
|9. Appreciate that limitations exist
As time passes in your relationship two things will happen. Firstly, you will gain a clearer appreciation for the capacities of your supplier – their true skills, manpower, motivations, propensity to innovate and so forth. And secondly, as mentioned above, change will happen which could put a greater strain on the resources and capabilities of your supplier. This means that as knowledge and environment change, so must both the direction of your project and your appreciation of your supplier’s ability to achieve goals along your KPI schedule. This may necessitate a little more flexibility than may have been considered initially.
|10. Strengthen your commercial trust
A relationship is more than the sum of the contractual agreements you have between you and the role you play each day. It’s the rapport you build and the bond you create which determines the willingness of your supplier partner to go further for you, their buy-in to the relationship. Step one to developing more depth in your outsourcing partnership is to foster greater commercial trust. This essentially means doing all of the things you would need to do to evidence that you are trustworthy and to minimise opportunities for your supplier to believe that you are not.
|11. Champion firm pragmatism
Always take a highly pragmatic approach to challenges you face in your outsourcing partnership. Recognition that it is not always your supplier’s fault is a good start. Analysis of the events that led up to an issue, or failing, may well reveal a contribution from your side as well. If this is the case, it’s important to enter into any discussions with your supplier in the spirit of collaborative firefighting and realignment, not blame. Poor performance and/or behaviours must, though, be quickly addressed and strongly discouraged. Strength and speed here will prevent the creation of an environment where such things are accepted or even encouraged because of your lack of action.
|12. Be reliably consistent in your approach
Nobody likes being told that they have done something wrong. Emotions can become heightened and pushback is almost a given, but what will make matters worse is inconsistency. This can lead to confusion, annoyance and feelings of preferential treatment and favouritism which in turn can erode commercial trust. Clearly define your relational governance strategy and stick to it so every action and response can be explained in the context of already agreed processes.
|13. Intuitive behaviour management
The success of your outsourcing partnership will be determined by the ongoing commitment of your strategic supplier and its personnel. Over time motivation can wane and poor practices may creep in, so it makes sense to have a full suite of rewards and ramifications built into your agreement and the in-house monitoring to determine when they should be applied. Speed of reaction and consistency with which you tackle each incident will likely drive the right behaviours from your strategic partner. Though it is important to prioritise resolution over ‘blame’ every time, implementing a ‘fix first, discuss blame later’ approach.
In reality, you can ensure that a lot of these terms are turned in your favour by following the advice offered in the previous two posts in this series. The key is to be extremely wary of clickwrap contracts and aware of what the provider may try to enforce.
5 Common Cloud Contract Terms to Look Out For
Now lets move onto some specific contract terms that you will find in many cloud computing contracts. Over a three year period from 2009, Queen Mary, University of London conducted the Cloud Legal Project (CLP) in an attempt to unearth common cloud provider terms. Their findings were rather alarming.
1. Data Confidentiality and Integrity
Improved physical and data security is a key driver for moving to the cloud, but in many cloud contracts, responsibility for data confidentiality and integrity is expressly placed upon the customer.
The impact of this is potentially devastating — the contract expressly negates provider responsibility, and as the buyer, you cannot contract out of your legal, statutory and industry compliance obligations.
2. Data Storage Restrictions
Customers often hold sensitive or personal data subject to data protection legislation. Public sector bodies are particularly exposed to data protection and freedom of information obligations, including where in the world the data resides.
In spite of this, many cloud contracts do not specify any restrictions on data location. And even when the option is provided, there is usually no warranty. Given the nature of virtual machines, files can be easily moved around the world. Not only does the customer have no real idea of where data is being stored, it remains liable for any discovered data protection non-compliance.
None of the 31 contracts that were studied as part of the CLP offered a refund of charges as a remedy for negligence or failure. The best compensation on offer was either service credits or one month’s charges.
The impact of this should be plain. RBS’ problems in the summer demonstrate how orgnisations can suffer severe financial and reputational loss when their IT fails them, but many cloud contracts major on limited liability.
4. Changes to the Terms
Many cloud contracts can be varied unilaterally by the service provider simply posting new terms on their website, with the onus being on the customer to keep abreast of changes. This is completely contrary to traditional strategic commissioning contracts, in which terms would generally remain in place for the lifetime of the agreement, unless they were varied by mutual agreement.
The effect that this could have on you is of course completely dependent upon the nature of any changes made to the contract terms, but this kind of exposure should be considered unacceptable.
5. Dispute Resolution
Around half of the contracts studied were governed by US law and gave the provider their home court as the exclusive jurisdiction to hear any disputes. If the worst does happen, fighting an action overseas can quickly become expensive in terms of expended money and time, not to mention the potential effect on the business.
Furthermore, aspects of UK law that assist the customer, such as being able to imply terms into an unfair contract or the ability to challenge unfair express contract terms, may not apply.
Unique Challenges in a New World
Cloud computing is likely to become more and more popular in the future — the potential benefits are huge. That is of course why so many organisations are moving to the cloud. However, one must step very carefully and ensure that exposure to risk and liability is always kept at bearable levels.
If you would like to understand more about cloud computing procurement, download our free white paper: How to Successfully Contract for Cloud Services.
Creative Commons image courtesy of shho