CLOUD CONTRACTS WHAT PROVIDERS AND CUSTOMERS SHOULD DISCUSS
|
|
- Martin Lewis
- 8 years ago
- Views:
Transcription
1 CLOUD CONTRACTS WHAT PROVIDERS AND CUSTOMERS SHOULD DISCUSS Catalogue of recommended contractual components in General Terms and Conditions of Business (AGB) and Service Level Agreements (SLA) for Cloud Service Providers
2 Catalogue prepared by: EuroCloud.Austria The Vienna Economic Chamber Section for Business Consultancy and Information Technology Austrian Standards Institute Vienna IT Cluster, Vienna Business Agency Also recommended by: ADV, Arbeitsgemeinschaft für Datenverarbeitung Version 1.0 of 1 November
3 index 1 Framework conditions for the cloud service 1.1 Rules on all companies involved in delivering the service 1.2 Rules on changes in the contractual terms and conditions for cloud services 1.3 Rules concerning the contract termination of cloud services 2 Cloud service delivery 2.1 Rules concerning the infrastructure used 2.2 Rules concerning the content of the services 2.3 Rules concerning the implementation of the services 2.4 Rules concerning operations of the services 2.5 Rules concerning the availability of the cloud service 3 Cloud service billing 4 Cloud service security 4.1 Rules relating to data protection 4.2 Rules on IT security 4.3 Rules concerning data backups and data erasure
4 4
5 purpose PURPOSE OF THIS CATALOGUE For the cloud service user, a cloud service is like classic outsourcing of IT Services. Therefore, a cloud services agreement should include some contractual elements that are also part of a standard IT outsourcing contract. This is a catalogue of recommended contractual elements that should be incorporated into the General Terms and Conditions (AGB) and Service Level Agreements (SLA) for cloud service providers. This list does not contain suggested legal wording for provisions as the specific wordings may vary substantially according to the respective cloud service context. For example, cloud services for private photo uploads should certainly contain different contractual provisions than cloud accounting software for enterprises. This list does not claim to be exhaustive. Dr. Tobias Höllwarth EuroCloud.Austri Vienna, November
6 framework 1 FRAMEWORK CONDITIONS FOR THE CLOUD SERVICE List all essential information and necessary regulations important for drawing up the contract and terminating the cloud service agreement in this content area. In particular, this means information about the companies involved in providing the service. 1.1 Rules on all companies involved in delivering the service The following items should be taken into account, confirmed, or stated in sufficient detail in the contract: Pertinent information on the company with which the contract is to be concluded as given by public registers, such as the company register, commercial registers or registers of associations Statement on where the service provider has its registered main office and what national laws may apply to this company (head office and branches) Information on existing certifications of the contracting party. Detailed description of the existing, valid certifications of the data centre Information on businesses involved in providing the service. Also subcontractors, data centre providers or cloud services of third party companies integrated into providing the service. In particular, statements about which subcontractors are used in the local country or in countries with comparable data protection laws. For example: the legal system (even if only partially) to which the subcontractors are subject, what privacy rights the subcontractor must observe, the substantive insolvency laws that apply (access to data, separation rights, mandatory provisions, official receiver, etc.) Commitment that subcontractors are bound by the contractor to the same obligations that the contractor agrees with the customer. 6
7 framework 1.2 Rules on changes in the contractual terms and conditions for cloud services The following items should be taken into account, confirmed and stated in sufficient detail in the contract: Clarification of the form in which the contract will be made available (e.g., electronically signed PDF or printed document) as well as the approach to be taken in case of changes to the contract Confirmation that no unilateral changes to the terms of the contract will be made List of subcontractors whose replacement requires the express consent of the customer. 1.3 Rules concerning the contract termination of cloud services Rules on terminating the contract should be sufficiently taken into account, confirmed and clarified in the contract: Statement of the term of the contract, rules relating to unequivocal reasons for termination and their deadlines for both sides. Contractor s special right of termination if the provider changes important subcontractors (if keeping the current subcontractor is not possible) Statement of the provisions governing the participation of the contractor in providing data after termination Regulations for protecting the customer s data and the availability of the application in the event of insolvency of the contractor, e.g., through preventive measures Sufficiently detailed description of the processes at the end of the contract settlement, technical formats of the data transmission, handover of the electronic keys, etc. 7
8 service delivery 2 CLOUD SERVICE DELIVERY List all essential information and necessary regulations important for providing a cloud service in this content area. In particular, these include all information on the infrastructure used, service provision, its implementation and on operations. 2.1 Rules concerning the infrastructure used The following items should be confirmed or stated in sufficient detail: Explicit listing of all data centres (including their addresses) to be used for the contracted services. The legal consequences of the use of data centres outside of the EU legal framework should be made transparent Statement of how the data centre will handle potential risks (e.g., natural disasters, technical problems, crime, and human errors) and what measures and processes are taken or used to minimise possible consequences Detailed statement of the availability of the infrastructure at the data centre, the connection to one or more Internet carriers, the management documents on operations and emergencies, certifications and the availability of back-up power and cooling. 2.2 Rules concerning the content of the services As an essential element of the contract, sufficient space should be dedicated to a detailed description of the statement of work. The following items should be taken into account, confirmed or stated in the contract in sufficient detail: Sufficiently detailed description of the cloud service itself and the nature of the cloud service, e.g., Infrastructure as a Service (IaaS), etc. 8
9 service delivery Information on the origin, manufacturer and existing certifications of the service Clear statements on provisions relating to the countries in which operation of the services is assured, of the available languages and localisations, of the deployed standards, which browsers and which interfaces are supported Clear description of the available options for management of the customer s own rights, of the authentication options and user management. 2.3 Rules concerning the implementation of the services The following items should be taken into account, confirmed or stated in sufficient detail in the contract: Sufficiently detailed description of trial versions of the service (costs, duration, functions) and presentation of the migration scenarios for migrating to the full versions All service options for implementation and possibilities for customising and their associated costs Training concepts and operational as well as user manuals Acceptance processes and their consequences (e.g., commencement date, warranty, payment obligations). 2.4 Rules concerning operations of the services The following items should be taken into account, confirmed or stated in sufficient detail in the contract: Sufficiently detailed representation of release management process (time, lead time, obligation to update, customer-specific configurations) Sufficiently detailed representation of error or fault management processes (notification, communication strategy, such as ticketing system, telephony services [hotline], escalation processes, patch deadlines, etc.). 9
10 operations of the services Sufficiently detailed statement on the assured availability levels, performance metering and how the purchaser is informed of the service fulfilment status (how are monitoring and reporting handled?) Sufficiently detailed statement of what service levels (SLA) are offered and how compliance with the service levels is controlled, documented and communicated Sufficiently detailed statement on how troubleshooting is organised Sufficiently detailed statement on how capacity planning for the required infrastructure of services is handled Sufficiently detailed statement on all data export options, including the necessary interfaces and programs Rules for electronic documents (invoices and other business-relevant sup porting documents), which lead to obligations on the part of the purchaser vis-à-vis the relevant Tax Authorities. 2.5 Rules concerning the availability of the cloud service1 The following items should be taken into account, confirmed and stated in sufficient detail in the contract: Detailed regulations for communication channels for support to end customers and rules on the available support languages Provisions for 1st and 2nd level support, their respective availability and guaranteed response times Description of customer support and the use of a supporting system, such as a ticketing system. 10
11 service billings 3 CLOUD SERVICE BILLING List in this content area all essential information and necessary regulations that are important for billing a cloud service Detailed report of the content and the form of service measurement and billing and of all possible deviations from these regulations, in particular for value added services that will be billed separately, volume discounts and the price of value added services Clarification of the process for future price adjustments Detailed description of the options in the case of disruptions, such as deductions, penalties and damages Detailed description of the provisions in the event of a dispute on service delivery or delayed payment. Exclusion of rules governing the retention or deletion of the customer s data without the express consent of the customer. 11
12 service security 4 CLOUD SERVICE SECURITY List all essential information and necessary regulations important for the security of the customer s data in a cloud service in this content area. 4.1 Rules relating to data protection The following items should be stated in sufficient detail in the contract to ensure data protection compliance: Description of the service in terms of data protection aspects, description of the scope, nature and purpose of the planned data acquisition, processing or use; the nature of the data and the affected persons; definition of the processing duration and deletion of the data Statement of the rules for control of personal data (register entry or equivalent regulations). In particular, naming of contact persons within the contractor s organisation and for all subcontractors, who are available to to providing support in exercising rights of affected parties (information, permission, deletion of affected parties data) Statement of how the employees of the contractor and all subcontractors who could have access to the data, will be bound to maintain data secrecy and observe other applicable confidentiality regulations Agreement on the responsibilities between the purchaser who bears the fundamental data protection responsibility and the contractor who is responsible for the implementation of data protection instructions from the purchaser and who must establish the technical protection measures, etc. 12
13 service security Definition of cases deemed to be violations on the part of the contractor or the persons employed by him against regulations for the protection of personal data or against the provisions agreed in the order that are subject to mandatory disclosure to the purchaser Rules on legally permissible and mandatory information of the contractor to the purchaser in case of access by law enforcement agencies and other government bodies Rules on the purchaser s right to perform audits on the contractor s or its subcontractors premises, or to assign the right of audit to a third party authorised by the purchaser. Arrangements for (cumulative or as an alternative to audits by the purchaser) periodic checks/audits and certifications that ensure data protection by the contractor and verify and certify its obligations towards the purchaser. Rules governing the contractor s obligation to participate in these activities and the costs associated with this obligation. 4.2 Rules on IT security The following items should be taken into account, confirmed and stated in sufficient detail in the contract: Description of the deployed IT security solutions, such as the use of firewall systems, antivirus scanners for protection against viruses, Trojans, malware, protection against DoS, etc Description of security checks and/or penetration testing to be carried out by the contractor Description of the encryption methods and of key management for the traffic between the purchaser and the contractor, the use of encryption on the storage media and of end-to-end encryption, which completely prevents insights into customer data by the provider s staff. 13
14 IT security Detailed description of secure authentication for the use of the service, of the auditability of login actions (visible to the customer) and the ability to integrate a customer s system for authentication. 4.3 Rules concerning data backups and data erasure The following items should be taken into account, confirmed and stated in sufficient detail in the contract: Sufficiently detailed rules on mirroring of application data, and failover procedures for ensuring permanent data availability. 14
15 IT security Sufficiently detailed provisions on data backups and archiving (e.g., when, how often, how long, duration of the restore, storage of the storage media), rules for the safekeeping of the backup media (e.g., spatial separation, backup encryption schema, and provisions on customer access to data backups),rules for the deletion of the data and returning the data media after the termination of the agreement, provision for demonstrable deletion of customer data. 15
16 address EuroCloud EuroCloud.Austria - gemeinnütziger Verein für Förderung von Cloud Computing Museumstraße 5/ Wien info@eurocloud.at ADV ADV Arbeitsgemeinschaft für Datenverarbeitung Trattnerhof Wien office@adv.at UBIT Professional Association of Management Consultancy and Information Technology Vienna Schwarzenbergplatz 14 A-1041 Vienna T: F: ubit@wkw.at 16
17 address IT Cluster IT-Cluster der Wirtschaftsagentur Wien Ebendorferstraße 2 A-1010 Wien info@wirtschaftsagentur.at Austrian Standards Institute Austrian Standards Institute / Österreichisches Normungsinstitut (ON) Heinestraße Wien office@as-institute.at 17
18
Questionnaire for the SaaS contract
IT Cluster Vienna Cloud Computing Group Publisher: Paul Meinl Questionnaire for the SaaS contract Overview of issues for negotiation preparations Before you start talks with the potential contractual partner,
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationINFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS 357-7 8. Risk Assessment 357-7
Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationNSW Government. Cloud Services Policy and Guidelines
NSW Government Cloud Services Policy and Guidelines August 2013 1 CONTENTS 1. Introduction 2 1.1 Policy statement 3 1.2 Purpose 3 1.3 Scope 3 1.4 Responsibility 3 2. Cloud services for NSW Government 4
More informationDesigntech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013. Designtech Cloud-SaaS Hosting and Delivery Policy
Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page i Designtech Cloud-SaaS Hosting and Delivery Policy Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, 2013 Page ii
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationInsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
More informationSERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES
SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES This Product Schedule Terms & Conditions is incorporated into a Services Agreement also comprising the General Terms and Conditions which the Customer
More informationOracle Cloud Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5
Oracle Cloud Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5 Unless otherwise stated, these Oracle Cloud Hosting and Delivery Policies (the Delivery Policies ) describe the Oracle
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationT: +43-(0)590900-3540 F: +43-(0)590900-3178 e-mail: ubit@wko.at http://www.ubit.at
Professional Association of Management Consultancy and Information Technology (Fachverband Unternehmensberatung und Informationstechnologie) Wiedner Hauptstraße 63 A-1045 Vienna T: +43-(0)590900-3540 F:
More informationPrivate Runtime Environment
Private Runtime Environment 1. Principles A Private Runtime Environment (PRE) is an environment which enables Contractors to locate their resources in a segregated environment within premises provided
More informationGeneral Purchasing Conditions. R e v i s i o n 02 dated August 24, 2 0 0 7
General Purchasing Conditions 1 1. Scope 1.1 These general purchasing conditions apply to all business transactions of the Trierenberg Holding AG and all its associated companies (from now on TBG ) with
More informationGeneral Terms and Conditions of Purchase and Cooperation for Services
General Terms and Conditions of Purchase and Cooperation for Services 1. General principles / Scope of application 1.1 Solely these General Terms and Conditions of Purchase and Cooperation for Services
More informationData Management Session: Privacy, the Cloud and Data Breaches
Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationTechnical Standards for Information Security Measures for the Central Government Computer Systems
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationTHIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY.
THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. Capitalized terms used herein but not otherwise defined shall have their respective meanings set forth in the End
More informationADDITIONAL TERMS FOR VIRTUAL VOICE NETWORK SERVICES SCHEDULE 2L
ADDITIONAL TERMS FOR VIRTUAL VOICE NETWORK SERVICES SCHEDULE 2L CONTENTS 1 Service Description... 3 2 Definitions... 3 3 Virtual Voice Network terms... 4 4 CHARGES... 4 4.1 Charges payable by the... 4
More informationG-CLOUD FRAMEWORK SERVICE DEFINITION. Kofax Model Office Bundle Proposal ISSUE 1
G-CLOUD FRAMEWORK SERVICE DEFINITION Kofax Model Office Bundle Proposal ISSUE 1 Sept 2013 Table of Contents 1 SERVICE OVERVIEW & SOLUTION... 2 2 INFORMATION ASSURANCE... 3 3 BACKUP/RESTORE AND DISASTER
More informationCCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS
CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE guidelines on the use of cloud computing services by lawyers TABLE OF CONTENTS I. INTRODUCTION... 3 1. Scope of the guidelines...
More informationTHIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ).
THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). I. Service Definition. Exchange My Mail will provide Hosted Exchange and other Application Services
More informationGiftWrap 4.0 Security FAQ
GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels
More informationAdditional terms and conditions Enterprise to the conditions of use for d.vinci easy
Additional terms and conditions Enterprise to the conditions of use for d.vinci easy 1. General information These Enterprise conditions of use supplement the general conditions of use for the software
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact
More informationCloud Service Contracts: An Issue of Trust
Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationBUSINESS TERMS AND CONDITIONS FOR USE OF MONKEYDATA SERVICE
BUSINESS TERMS AND CONDITIONS FOR USE OF MONKEYDATA SERVICE 1. CONTRACTING PARTIES 1.1. Provider: (hereinafter "BTC ) MonkeyData s.r.o. Business ID: 02731452, Tax Identification Number: CZ2731452 Registered
More informationGeneral Conditions of Purchase of WINGAS GmbH, WIEH GmbH & Co. KG and its Affiliated Companies Located in Germany for Standard Software 1.
1. General 1.1 These conditions of purchase form an integral part of all (future) contracts on the delivery of standard software (hereinafter ) between the supplier of standard software (hereinafter Contractor
More informationExhibit 3 to Appendix D to Contract (per Amendment 6) SaaS Module
1. INTRODUCTION Exhibit 3 to Appendix D to Contract (per Amendment 6) SaaS Module 1.1. This Module for Software as a Service ( SaaS Module ) between CA and Customer, effective December 15, 2015, specifies
More informationService Level Agreement
milkcloud.com is a product of Global Access Internet Services GmbH. This service agreement between the customer and Global Access Internet Services GmbH (Global Access) regulates the conditions under which
More informationIn these terms & conditions, the following terms are defined below.
Terms & Conditions for digitalpost (Dgtlpost AB) Our Service Thank you for using our online Service. Dgtlpost AB provides digitalpost web Service to collect all the mail (paper, email, and uploads) in
More informationAgreement on Software and Database Terms of Use and Maintenance Terms
Agreement on Software and Database Terms of Use and Maintenance Terms between Radlabor GmbH, Schwarzwaldstr. 175 D-79117 Freiburg Germany and - hereinafter Provider - the company or natural person, denominated
More informationPRIVACY POLICY. The effective date of this Privacy Policy is December 15, 2010. Last Updated September 29, 2014. Overview
PRIVACY POLICY The effective date of this Privacy Policy is December 15, 2010 Last Updated September 29, 2014 Overview The Bay Area Toll Authority (BATA) is committed to ensuring customer privacy and security.
More informationRL Solutions Hosting Service Level Agreement
RL Solutions Hosting Service Level Agreement April 2012 Table of Contents I. Context and Scope... 1 II. Defined Terms... 1 III. RL Solutions Responsibilities... 2 IV. Client Responsibilities... 4 V. The
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationUse of The Information Services Active Directory Service (AD) Code of Practice
Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationTIBCO Nimbus Cloud Service
TIBCO Nimbus Cloud Service TIBCO Nimbus TIBCO Software Inc. (NASDAQ: TIBX) is a provider of infrastructure software for companies to use onpremise or as part of cloud computing environments. Whether it's
More informationAstaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between
Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen Supplementary data protection agreement to the license agreement for license ID: between...... represented by... Hereinafter referred to as the "Client"
More informationStandard business terms
Standard business terms Cybertec Schönig & Schönig GmbH Gröhrmühlgasse 26 2700 Wiener Neustadt (Named Cybertec resp. contractor below) Edition 2014-01 1. General remarks 1.1 As contractor Cybertec provides
More informationBy using the Cloud Service, Customer agrees to be bound by this Agreement. If you do not agree to this Agreement, do not use the Cloud Service.
1/9 CLOUD SERVICE AGREEMENT (hereinafter Agreement ) 1. THIS AGREEMENT This Cloud Service Agreement ("Agreement") is a binding legal document between Deveo and you, which explains your rights and obligations
More informationService: Contract Management (Software as a Service)
Service: Contract Management (Software as a Service) 1. Description: An overview of the G-Cloud Service (functional, non-functional) econtract Management allows for the management of a contract after award,
More informationGuidance for Data Users on the Collection and Use of Personal Data through the Internet 1
Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationTERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation
TERMS & CONDITIONS of SERVICE for MSKnote Definitions: "Us or Our or We or Company" You or Your or Client Refers to MSKnote Limited Refers to you or your organisation Information about us: We are MSKnote
More informationRAUCH Terms and Conditions for the Purchase of Goods and Services
RAUCH Terms and Conditions for the Purchase of Goods and Services 1 Scope of Application (1) These terms and conditions shall govern all orders and contracts in respect of which RAUCH is customer, buyer
More informationGeorgia Institute of Technology Data Protection Safeguards Version: 2.0
Data Protection Safeguards Page 1 Georgia Institute of Technology Data Protection Safeguards Version: 2.0 Purpose: The purpose of the Data Protection Safeguards is to provide guidelines for the appropriate
More informationService Schedule for CLOUD SERVICES
Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationUbertas Cloud Services: Service Definition
Ubertas Cloud Services: Service Definition February 2013 Innovation. Power. Trust. Contents 1. About Ubertas... 2 Our Company... 2 Our Approach to Service Delivery... 2 Our Partner Network & the UK Cloud
More informationNYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES
NYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES 1. Definitions. The definitions below shall apply to this Schedule. All capitalized terms not otherwise defined herein
More informationGovernment Efficiency through Innovative Reform IBM Digital Experience on Cloud
Government Efficiency through Innovative Reform IBM Digital Experience on Cloud Standard terms and conditions Copyright IBM Corporation 2015 IBM Terms of Use SaaS Specific Offering Terms IBM Digital Experience
More informationService Description: Dell Backup and Recovery Cloud Storage
Service Description: Dell Backup and Recovery Cloud Storage Service Providers: Dell Marketing L.P. ( Dell ), One Dell Way, Round Rock, Texas 78682, and it s worldwide subsidiaries, and authorized third
More informationWoodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationCLOUD SERVICE SCHEDULE
CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless
More informationName: Position held: Company Name: Is your organisation ISO27001 accredited:
Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationTechnology Risk Management
1 Monetary Authority of Singapore Technology Risk Guidelines & Notices New Requirements for Financial Services Industry Mark Ames Director, Seminar Program ISACA Singapore 2 MAS Supervisory Framework Impact
More informationCloud Service Baseline Requirements
Cloud Service Baseline Requirements Prepared for THE CLIENT By Flexible Computing Ltd www.flexiblecomputing.co.uk Tel: 0845 5440959 @cloudrockstars @mcraddock Version V1.2 Author Mark Craddock Distribution
More informationBlue Jeans Network Security Features
Technical Guide Blue Jeans Network Security Features Blue Jeans Network understands an organization s need for secure communications. The Blue Jeans cloud-based video conferencing platform provides users
More informationOracle Cloud Enterprise Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5
Oracle Cloud Enterprise Hosting and Delivery Policies Effective Date: June 1, 2015 Version 1.5 Unless otherwise stated, these Oracle Cloud Hosting and Delivery Policies (the Delivery Policies ) describe
More informationGeneral Terms and Conditions: Duonell B.V. Stationsstraat 60 6026 ZH MAARHEEZE
General Terms and Conditions: Duonell B.V. Stationsstraat 60 6026 ZH MAARHEEZE Registered with the Chamber of Commerce and Industries of Brabant under number: 17130162 Clause 1: Scope of application, definitions
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationGENERAL TERMS AND CONDITIONS OF PURCHASE
GENERAL TERMS AND CONDITIONS OF PURCHASE of EGSTON Eggenburger System Elektronik Gesellschaft m.b.h. and EGSTON System Electronic spol. s.r.o. (hereinafter referred to as "EGSTON") Table of contents Clause
More informationDATA SECURITY AGREEMENT. Addendum # to Contract #
DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the
More informationGeneral Terms and Conditions for the Sale and Delivery of Software Support Services. 2004 Edition
General Terms and Conditions for the Sale and Delivery of Software Support Services 2004 Edition Professional Association of Management Consultants AND INFORMATION TECHNOLOGY EXPERTS Austrian Chamber of
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Isuz Ltd. trading as Schoolcomms
More informationREQUEST FOR EXPRESSIONS OF INTEREST 4887 EOI NETWORK BACKUP/EMAIL ARCHIVING
4887 EOI REQUEST FOR EXPRESSIONS OF INTEREST 4887 EOI NETWORK BACKUP/EMAIL ARCHIVING Expressions of Interest will be received at the Information Counter, Main Floor, Richmond City Hall, addressed to the
More informationEnterprise level security, the Huddle way.
Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationBlueSpice. Subscription contract. Contract number: C_15/05/01/St. Hallo Welt! - Medienwerkstatt GmbH Residenzstraße 2 93047 Regensburg Germany
BlueSpice Subscription contract Contract number: C_15/05/01/St Hallo Welt! - Medienwerkstatt GmbH Residenzstraße 2 93047 Regensburg Germany 1 Preamble The Provider is a company providing IT services based
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More information(1) Our offers are subject to change, unless they are explicitly designated as
General Terms of Sales and Service of MBA Design & Display Produkt GmbH (Status: May 2015) 1 The scope of application (1) Our General Terms and Conditions (GTC) apply exclusively and without further formal
More information