llpc csa ny presentation

7/29/2019 LLPC CSA NY Presentation

1/16

Service level agreementS -Looking at slas from a

constituencies perspectivePeter W. Laberee - - laberee law pc


2/16

Disclaimer

This discussion does not constitute legal advice and thispresentation does not establish an attorney-client relationship.But you knew that anyway.

These remarks do not necessarily reflect the position of the

Cloud Security Alliance or the New York Metro Chapter of theCloud Security Alliance, or of any of the clients of Laberee LawPC.


3/16

Click icon to add picture


4/16

Service Level Agreements

What is a Service Level Agreement.

What Service? What Level? Is it an agreement?

Is there just one SLA out there?

So . . . we just have to find it, sign it and we are done? . . .Right? . . . . Right? . . . .


5/16


Constituencies approach

Which one is which . . . Arent they all the

same?


6/16

CONSTITUENCIES . . .

I.T. Department Enterprise / Company

Companys Customers

Companys Customers Customers Regulatory Bodies / Government

Companys Employees

Risk Management group withinCompany

Companys Owners

Companys Management


7/16

. . . . And what they care about

Delivering good service. Jobs and budgets. Technicalsuccess and efficiency. Security. Perform core business functions with maximum profit andlong-term stability and value. Usually NOT I.T. Getting service - - better, faster, cheaper. Often NOT I.T. Effectiveness. Results. Avoidance of delay, loss or otherpain. Removed from immediate tactical goals of Companys ITdepartment. NOT Companys IT problems.

Compliance. Privacy. Protection of Network and sharedresources and the commons, including security.Enforcement of non-I.T. laws. Support and resource. Keeping jobs and looking good.Privacy. No losses, no lawsuits, no increase in compliance costs, noinsurance claims.

Short- and mid-term Profits and long term value. Employment and compensation. Company performance.Usually I.T. as a means, not end.


8/16

I.T. DepartmentEnterprise / CompanyCompanys CustomersCompanys CustomersCustomersRegulatory Bodies /GovernmentCompanys Employees

Risk Management groupwithin CompanyCompanys OwnersCompanys Management

Delivering good service. Jobs and budgets. Technicalsuccess and efficiency. Security.Perform core business functions with maximum profit and

long-term stability and value. Usually NOT I.T.Getting service - - better, faster, cheaper. Often NOT I.T.Effectiveness. Results. Avoidance of delay, loss or otherpain. Removed from immediate tactical goals ofCompanys IT department. NOT Companys IT problems.Compliance. Privacy. Protection of Network and sharedresources and the commons, including security.Enforcement of non-I.T. laws.Support and resource. Keeping jobs and looking good.Privacy.No losses, no lawsuits, no increase in compliance costs,no insurance claims.Short- and mid-term Profits and long term value.Employment and compensation. Company performance.Usually I.T. as a means, not end.

SLA Constituencies game- - mix andmatch!


9/16

So what does an sla usually cover

Techies embrace them . . . lawyers love them . . . sales staffhate them . . . customers ignore them . . . . so . . . .

Intended to be legally binding agreement

Establish uptime and service levels for one business to providecloud-based service and capacity to another business

What service?

What level? Level of what?

Who drafted this SLA anyway?

0


10/16

SLAs have about 7 elements, or nuggets, which bearconsideration when preparing, reviewing, executing,performing under or allocating responsibility under:

1. Identification ofparties. Who will be legally bound. Who is theprovider and who is the recipient?2. Term; Length of time during which the parties are bound.3. Performance metrics.4. Defined terms. Infuses the performance metrics.5. Exceptions or failures of performance. Remediation, correction( . . . but rarely remedies or damages in the lawyers sense).

6. Process for identifying exceptions or failures and prosecutingremediation or correction and claims-making.7. Exclusions. Re-allocation of responsibility. Not-my-fault.

1 2 3 4 5 6 7

0

1


11/16

Consider thereliance, thecomfort thatusers ofcontracts,includingSLAs, get - -perhaps

unduly - - fromnuggets likethese in theircontracts . . .

.

CorecomponentsBest effortsIndustrystandardBest of breedBest practicesError RateRequest (or

some other termfor customertrying to getstuff

Material . . .Substantial

Lingo dangers

1

2


12/16

General Architecture of a Cloud provider SLA. Description of Services; some defined terms

Reference to (if not description of) maintenance,scheduled downtime, notice of maintenance. Providers commitment to uptime Reporting Remedies - - often too grand a word - - it may besimply a credit for loss of uptime. Note it may not

kick in unless customer asks for it. (How doescustomer know?) Calculation of credit Exclusions: customer equipment or software;customer connectivity; maintenance and similarinterruptions after notice; Customer-related humanerror; old stand bys like force majeure. Special contract and liability exclusions:consequential, incidental and punitive damagesexclusions.

2

3


13/16


If only one or twoconstituencies

build an sla . . .

It will show .. . !

3

4


14/16

Comments? Questions?

Thank you

4

5


15/16

If you would like to talk in more detail about slas . . . .

Service Level Agreement Network Data Center Infrastructure Cloud Server Hosts Migration Credits Network Data Center Infrastructure

Cloud Server Hosts Migration Definitions Limitations

5

6


16/16

Terms of Use Topics

Cloud Terms of Service Defined Terms [provider]s Obligations and

[customer]s Obligations Access to the Services Access to Data Unauthorized Access to Your Data

or Use of the Services Disclaimers Term

Fees Limitation on Damages Indemnification No High Risk Use

6

llpc csa ny presentation

Documents