Client Alert. Global Information Technology & Communications Privacy, Data Protection and Information Management
|
|
- Charlotte Bishop
- 8 years ago
- Views:
Transcription
1 Global Information Technology & Communications Privacy, Data Protection and Information Management Client Alert Umbrellas for Clouds: Risk Mitigation Strategies for SaaS Transactions For further information please contact Lothar Determann Peter George Francesca Gaudino francesca.gaudino@bakermckenzie.com Roberto Grane roberto.grane@bakermckenzie.com Patrick Fair patrick.fair@bakermckenzie.com Sergio Legorreta-Gonzalez sergio.legorreta@bakermckenzie.com Executive Summary From a legal compliance and risk management perspective, outsourcing the act of engaging a third party for a period of time to provide services that had previously been performed internally shares many similarities with software as a service (SaaS) transactions procuring access to software as a service hosted by a third party instead of through more traditional licensing means. The compliance and risk management tools developed for outsourcing, including supplier due diligence, compliance risk assessments and standard contractual terms and conditions, are tools that should be used when considering a SaaS solution. This article seeks to identify the risks that may not be adequately addressed today under traditional procurement processes for software licenses and provides suggestions for addressing those risks using the tools that have evolved in the outsourcing space. Introduction Cost reduction is not a buzz word, it is a business reality. Procuring access to software as a service, as opposed to through the traditional means of licensing software for on premises use, may offer significant opportunities for cost savings. One of the chief attractions in today s economic climate being the avoidance of large, upfront costs in technology infrastructure investments and software licensing fees. Additional drivers include the scalability of SaaS solutions, permitting real time cost reductions based on decreased usage or reduced staffing volumes cost reductions typically not available in the context of perpetual software licenses, and avoidance of costly maintenance and support obligations. Also, hosted solutions from sophisticated providers can offer superior data security protection features that many smaller organizations could not easily replicate internally. For these and other reasons, the cloud constitute an attractive solution to a variety of problems. But, cloud computing and SaaS transaction also raise compliance and risk management issues and some of these are very different from those arising in the context of more traditional software procurement and internal deployment models. Many SaaS and cloud- specific risks are more similar to the risks associated with outsourcing and the tools used to manage these risks in the outsourcing context should be used to manage SaaS risks. What is SaaS? SaaS is many different things. In some contexts SaaS refers to cloud computing, which is essentially a way of leveraging infrastructure investments across many users. In other contexts, SaaS refers to the allocation of platform level resources to users in a virtual manner, based on agreed service level and pricing provisions. In this article, SaaS refers to the remote use of application and platform level resources over the internet or through some
2 2 Umbrellas for Clouds: Risk Mitigation Strategies for SaaS Transactions other network, where the application or platform resources are managed and maintained by a third party provider. Sourcing Risks As sourcing advisors, we are very familiar with the tools used to mitigate the risks raised by outsourcing transactions. These risks can generally be categorized into three main areas (i) governance risk; (ii) operational risk and (iii) compliance risk. Governance risk arises from the sourcing entities transfer of control over delivery of a critical business function to a third party and reliance on that party for the performance of the function. Operational risk is the risk associated with the quality of the day to day delivery of the function. Compliance risk arises from legal, governmental and other third party liability that may not be delegable even when control over the delivery of the outsourced function is transferred to a third party. These risks are also present in the context of SaaS. Governance risks are those risks that are inherent to the loss of control over the management and incentive structure of the party performing the outsourced function. By transferring control over the delivery of a function to a third party, the outsourcing customer becomes reliant on the service provider, but lacks the direct power to manage the third party s performance of the service. In the context of SaaS offerings, where control over delivery of the service resides in the service provider, similar governance risks exist. The customer cannot directly manage the performance of the services, but must rely on the SaaS provider for delivery of those services. Governance risks are addressed in the outsourcing context through provider reputational investments (what is the provider s track record in working well with other customers), relationship management procedures and contractual provisions intended to provide the outsourcing customer with ongoing leverage and influence over the management of the service provider. These contractual provisions include the ability to insource or resource tasks, change control provision, controls over process evolution, convenience termination rights, benchmarking rights, ongoing rights to audit and access data, ownership rights in technology to permit switching and other such provisions. The intent of these structures is to provide the outsourcing entity with some insight into the service provider s behavior, influence over that behavior and leverage to cause the service provider to remain responsive to the outsourcing entities business requirements. Where switching costs for critical functions are high, governance risks must be carefully controlled. Switching costs in the context of SaaS may be lower than in the context of outsourcing, since many SaaS applications are fairly generic and, at least initially, are not heavily customized to any particular customer. In addition, SaaS transactions have typically been for add-on functionality, as opposed to mission critical applications making the governance risks associated with SaaS offerings lower than for more traditional outsourcing arrangements. That initial analysis, however, is probably changing. SaaS solutions are becoming more customized and continue to cover a greater scope of business functionality. As switching costs increase and the critical nature of the services being sourced rises, governance risks will have to be more closely considered with respect to SaaS transactions. There are a myriad of tools to use from the outsourcing context to address governance risks in SaaS offerings. Currently, its very hard to find a commercial SaaS offering that provides benchmarking rights, for example, or even promises for long term price protection. As switching costs increase because SaaS offerings become more customized and as SaaS providers seek to provide comfort to larger customers that governance risk will be
3 3 Umbrellas for Clouds: Risk Mitigation Strategies for SaaS Transactions tempered, such contractual provisions may begin to find there way into SaaS contracts. Likewise, while many SaaS contracts provide for data transfer at the termination or expiration of the agreement, as these offerings become more mission critical those provisions may become augmented by more significant obligations to provide knowledge transfer and support. We are already seeing more pronounced investments by SaaS providers in their reputations, particularly with respect to data privacy, security and scrutiny over unilateral contract changes. Operational Risk Operational risks are those risks related to the performance and delivery of activities that are under the control of a third party provider. In the outsourcing context, these risks are normally addressed through service level agreements, mutually acceptable procedures manuals and performance warranties. SaaS offerings already borrow some aspects of the operational protections of outsourcing. For example, many SaaS offerings provide for different levels of service based on price. This structure is similar to the incentive structure built into many of the service level agreements used in the outsourcing context. Different levels of service attract different pricing or result in varying levels of pricing credits. There are several important distinctions between the use of service level agreements in the typical SaaS context and outsourcing, though. In outsourcing, the credit is intended as leverage to drive a certain behavior on the part of the service provider to delivery certain minimum standards of performance. In the SaaS context, on the other hand, the service level agreement may be used more as a means of allocated resources based on price. Where performance fails to meet a minimum standard in the outsourcing context, the credit is supposed to initiate certain corrective actions on the part of the provider. In contrast, the service level agreement prices a particular level of performance in a SaaS transaction there is not necessarily a corrective action initiated by a particular performance level. This distinction should be considered where a minimum level of performance is a business driver behind the decision to procure a SaaS solution, particularly where paying less for the service may not satisfy a business requirement. Where corrective action is required, the service level agreement should reflect that obligation. Compliance Risk Compliance risks are those risks related to legal, government and other third party liability that may not be delegable even when control over the delivery of the outsourced function is transferred to a third party. These risks often stem from obligations to comply with law which cannot be delegated even though the performance of the task being regulated may be. Familiar examples include maintaining adequate controls over financial systems, even where those systems have been outsourced to a third party, and liability for misreporting withholding tax even where payroll processes have been outsourced to a service provider. These risks also include liability for unauthorized disclosure of personal data that might be processed by a third party. In the outsourcing context, these risks are addressed through the clear allocation of controls to mitigate the risk of violations, audit rights to verify conformance with controls, well articulated procedures, and indemnities intended to reallocate liability from the party that may incur a penalty for breach to the party best positioned to prevent a violation. These provisions both allocate compliance responsibilities and allocate financial obligations for failure to meet compliance requirements. For example, a human resource outsourcing agreement may allocate responsibility for calculating a reporting
4 withholding tax to the service provider. It may provide controls for minimizing the risk of fraudulent reporting and audit rights to detect failures to comply with those controls. It may also include indemnification against fines and penalties that would otherwise accrue against the customer for failure to accurately make such reports. Simply because services are being sourced under a SaaS model, as opposed to an outsourcing structure, customers should not assume that compliance obligations may be dismissed. Regardless the sourcing model, customers will remain responsible for breach of non-delegable compliance obligations. Unfortunately, though, many of the protections provided in the typical outsourcing agreement are absent in the context of SaaS offerings. We would expect that as SaaS models gain greater acceptance, the same controls and processes used to ensure compliance obligations are met in the outsourcing context will be applied to SaaS offerings. Likewise, as SaaS vendors move into more heavily regulated business processes or seek to attract work from publicly traded companies subject to greater regulatory oversight, we expect that compliance obligations will be addressed more comprehensively in SaaS transactions. Providers that can address compliance risks efficiently will likely have an advantage over providers that must address compliance issues on an ad hoc basis. SaaS offerings that are able to apply economies of scale to spread compliance costs across multiple customers may even provide increased savings and risk mitigation opportunities to customers desperate to tighten budgets without increasing compliance risk. From a data privacy and security law perspective, the two most significant challenges brought about by SaaS and cloud computing models are as in many other outsourcing transactions that data is transferred across geographic borders (which triggers specific compliance requirements under data protection laws in Europe and other countries) and that it is more difficult for customers to keep control over the data processing operation. In connection with dynamic cloud computing architectures particularly, data can be on a variety of computers, in various jurisdictions and accessed by numerous service providers, contractors and subcontractors. But, if the customer looses control over the details of the data processing, the customer can no longer rely on the limited exceptions in data privacy laws for data transfers to mere data processing agents, with the effect that the customer may have to obtain consent from data subjects (e.g., employees, consumer customers, individual representatives of corporate customers), which is often impractical and always undesirable. Therefore, it is of particular importance for cloud computing and SaaS arrangements involving personal data to implement detailed and clear agreements that keep the customer in control over all relevant aspects of the data processing (where data is stored, by whom, what technical protection measures are applied, return/deletion of data on request, etc.). Given that SaaS and cloud solutions are usually offered on a standardized and as is basis, the contracting parties have to work out cost compensation questions for situations where the customer wants to exercise its control, and protect the vendors from early termination damages in case the vendor cannot accommodate a customers special request an issue that is also familiar from more traditional outsourcing contract negotiations (change management). 4 Umbrellas for Clouds: Risk Mitigation Strategies for SaaS Transactions
5 Conclusion SaaS offerings are different from outsourcing in fundamental ways. However, the risk profile of both types of transactions share certain similarities. The tools used to mitigate risk in the context of outsourcing transactions are relevant to SaaS and will become increasingly important as SaaS transactions compete for a greater share of the market for services Baker & McKenzie. All rights reserved. Baker & McKenzie LLP is a limited liability partnership registered in England and Wales with registered number OC A list of members names is open to inspection at its registered office and principal place of business, 100 New Bridge Street, London, EC4V 6JA. Baker & McKenzie LLP is a member of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the terminology commonly used in professional service organisations, reference to a partner means a person who is a member, partner, or equivalent, in such a law firm. Similarly, reference to an office means an office of any such law firm. Baker & McKenzie LLP is regulated by the Solicitors Regulation Authority of England and Wales. Further information regarding the regulatory position is available at This may qualify as Attorney Advertising requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome. 5 Umbrellas for Clouds: Risk Mitigation Strategies for SaaS Transactions
LegalBytes. Take That Back: Drivers and Considerations for Insourcing. Special Edition
LegalBytes Special Edition November 27, 2012 Print version For more information Samuel Kramer T +1 312 861 7960 samuel.kramer@bakermckenzie.com Michael Mensik T +1 312 861 8941 michael.mensik@bakermckenzie.com
More informationContracting for Cloud Computing
Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal
More informationData Privacy in the Cloud: A Dozen Myths & Facts
Data Privacy in the Cloud: A Dozen Myths & Facts March 7-9 Washington DC Presented by: Barbara Cosgrove, Chief Security Officer, Workday, Inc. Lothar Determann, Partner, Baker & McKenzie LLP We re taking
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationNavigating Vendor Management Issues in Today s Regulatory Environment
Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational
More informationMobile App Developer Agreements
Mobile App Developer Agreements By Alan L. Friel Many companies that have had disputes with developers have been surprised to discover that the agreements signed, often without input from legal, failed
More informationWealth Management. Instinctively global
Wealth Management Instinctively global In an integrated global economy clients need an integrated global law firm The wealth management landscape is changing and with it the needs of our clients. An instinctively
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationVendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.
Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red
More informationSchedule 14 CDS Data Center Hosting Agreement
Schedule 14 This Hosting Agreement ( Agreement ) for the Central Data System is made as of, 2012 (the Effective Date ) by and between the Washington Metropolitan Area Transit Authority (the "Authority"
More informationIf a Client and a Freelancer enter an independent contractor relationship, then this Freelancer Agreement ( Freelancer Agreement ) will apply.
Freelancer Agreement If a Client and a Freelancer enter an independent contractor relationship, then this Freelancer Agreement ( Freelancer Agreement ) will apply. This Agreement is effective as of March
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationVendor Risk Management in the New Regulatory Environment. kpmg.com
Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators
More informationEvolving Issues for Healthcare IT Contracting
Evolving Issues for Healthcare IT Contracting By: Alan L. Friel This client advisory is based in part on an article appearing in FierceHealthIT. The emergence of mega-suite vendors, more use of the cloud,
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationLegal Challenges for U.S. Healthcare Adopters of Cloud Computing
Legal Challenges for U.S. Healthcare Adopters of Cloud Computing by Kevin Erdman and Nigel Stark of Baker & Daniels LLP 1 ABSTRACT U.S. Healthcare companies have begun experimenting with taking business-critical
More informationHedge fund launch considerations Reaching new boundaries. Investment Management
Hedge fund launch considerations Reaching new boundaries Investment Management There are people who make things happen, there are people who watch things happen, and there are people who wonder what happened.
More informationThird party assurance services
TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent
More informationAPES GN 30 Outsourced Services
APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: March 2013 Copyright 2013 Accounting Professional & Ethical Standards Board Limited
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationCloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World
Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com
More informationAdding Value In Finance And Accounting Outsourcing
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Adding Value In Finance And Accounting Outsourcing
More informationTEN TIPS FOR NEGOTIATING SOFTWARE LICENSE AGREEMENTS
TEN TIPS FOR NEGOTIATING SOFTWARE LICENSE AGREEMENTS November 18, 2015 Benjamin G. Lombard 414-298-8225 blombard@reinhartlaw.com Adam J. Spector 414-298-8200 aspector@reinhartlaw.com 1000 North Water Street,
More informationAPES GN 30 Outsourced Services
APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: [DATE] Copyright 2012 Accounting Professional & Ethical Standards Board Limited (
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationIOPS GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS
. IOPS GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS June 2010 1 GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS 1 Introduction 1. The objective
More informationBuying software in 2015: how has the landscape changed? ANDREW JOINT JEREMY HARRIS EDWIN BAKER 28 APRIL 2015
Buying software in 2015: how has the landscape changed? ANDREW JOINT JEREMY HARRIS EDWIN BAKER 28 APRIL 2015 Agenda How has software and its procurement changed? The impact of: Cloud SIAM Agile OSS The
More informationWhite Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management
White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.
More informationData Security and Breach in Outsourcing Agreements
Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel Digital, Technology, ecommerce & Privacy Practice Group November 19, 2015 Akiba Stern Partner,
More informationphotos.com Cost, Quality and Accountability Public Tendering versus Self-Performance for Municipal Infrastructure Delivery in Canada
photos.com Cost, Quality and Accountability Public Tendering versus Self-Performance for Municipal Infrastructure Delivery in Canada For more than 200 years and with few exceptions, Canada s municipal
More information2012 Winston & Strawn LLP
2012 Winston & Strawn LLP Top 5 Negotiation Points for Software, SaaS, and Outsourcing Agreements Brought to you by Winston & Strawn s Advertising, Marketing, and Entertainment Law Group 2012 Winston &
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationManaging Outsourcing Arrangements
Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS
More informationKPMG Internal Audit 2015: Top 10 considerations for private equity firms. kpmg.com
KPMG Internal Audit 2015: Top 10 considerations for private equity firms kpmg.com INTERNAL AUDIT TOP 10 CONSIDERATIONS IN 2015 1 Historically, private equity has been less regulated than other parts of
More informationHow To Protect Your Data In The Cloud
Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationOFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationLegal Considerations When Outsourcing
Legal Considerations When Outsourcing Coffee Talk: A Miller Thomson Health Industry Seminar Series February 8, 2007 Karima Kanani Agenda 1. What is Outsourcing? 2. Identifying an Outsourcing Supplier 3.
More informationHealthcare Payment Processing: Managing Data Security and Privacy Risks
Moderator: Linda A. Malek Chair, Healthcare Moses & Singer LLP Healthcare Payment Processing: Managing Data Security and Privacy Risks Thursday, September 13, 2012 Panelists: Beth L. Rubin Senior Counsel
More informationThe responsibilities and duties of a company director
The responsibilities and duties of a company director Page 1 Contents Introduction page 3 The role page 4 The general duties page 5 Other duties and responsibilities page 9 Indemnities and insurance page
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
More informationJohn Evason, Monica Kurnatowska and Daniel Ellis Partners, Collective Rights Group
Employment Focus on Redundancy London August 2008 Contents What is Redundancy?.........................2 Individual Consultation........................3 Collective Consultation........................4
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationMoving Network Management from OnSite to SaaS. Key Challenges and How NMSaaS Helps Solve Them
Moving Network Management from OnSite to SaaS Key Challenges and How NMSaaS Helps Solve Them Executive Summary In areas such as sales force automation and customer relationship management, cloud-based
More informationPrivacy and Outsourcing
Privacy and Outsourcing Doron Rotman, National Privacy Service Leader August 2007 ADVISORY You can outsource liability you can t outsource responsibility and accountability! 1 1 Introduction Sourcing defined
More informationThinking About Outsourcing? Issues to Consider When Contemplating an Outsourcing Transaction
Thinking About Outsourcing? Issues to Consider When Contemplating an Outsourcing Transaction Kevin C. Boyle and Allen J. Klein As a threshold matter, as you begin considering outsourcing it is critical
More informationMoving Service Management to SaaS Key Challenges and How Nimsoft Service Desk Helps Address Them
Moving Service Management to SaaS Key Challenges and How Nimsoft Service Desk Helps Address Them Table of Contents Executive Summary... 3 Introduction: Opportunities of SaaS... 3 Introducing Nimsoft Service
More informationAccountability: Data Governance for the Evolving Digital Marketplace 1
Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the
More informationGENERAL TERMS AND CONDITIONS FOR SAP CLOUD SERVICES ( GTC )
GENERAL TERMS AND CONDITIONS FOR SAP CLOUD SERVICES ( GTC ) 1. DEFINITIONS Commonly used capitalized terms are defined in the Glossary at the end of the document. 2. USAGE RIGHTS AND RESTRICTIONS 2.1 Grant
More informationBefore the Department of Energy Washington, D.C. 20585 ) ) ) ) ) ) NBP RFI: Data Access, Third Party Use, and Privacy
Before the Department of Energy Washington, D.C. 20585 In the Matter of Implementing the National Broadband Plan by Empowering Consumers and the Smart Grid: Data Access, Third Party Use, and Privacy )
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More informationAny business relationship between a bank and another entity, by contract or otherwise
An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise
More informationPRIORITIZING CYBERSECURITY
April 2016 PRIORITIZING CYBERSECURITY Five Investor Questions for Portfolio Company Boards Foreword As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationBUYING AGENCY AGREEMENT
THIS AGREEMENT ( Agreement ) is made this day of, 20xx, by and between, with its principal place of business at referred to hereinafter as Buyer, and, with its principal office at, hereinafter referred
More informationBanking and financial services outsourcing in Asia: the legal and regulatory essentials
Briefing Banking and financial services outsourcing in Asia: the legal and regulatory essentials Summary Asia s banking and financial services sector is increasingly looking to outsourcing and offshoring
More informationBusiness Associate Agreement
This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More information(Short Form) Terms and Conditions. Version 1.2 dated 17 February 2015. Please note:
(Short Form) Terms and Conditions Version 1.2 dated 17 February 2015 Please note: The Agreement comprises two parts: Particulars Terms and Conditions (Short Form) Terms and Conditions Page 2 of 7 Terms
More informationGUIDANCE NOTE ON OUTSOURCING
GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationAnatomy of a Cloud Computing Data Breach
Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations
More informationPortland. Reducing Software Costs While Increasing Cost Predictability and Control. Abstract. Mikko Marttinen
White paper Reducing Software Costs While Increasing Cost Predictability and Control Mikko Marttinen Abstract Effective software procurement addresses contractual and overall cost of ownership through
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationGUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987
GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationCLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1
CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities
More informationCredit Union Liability with Third-Party Processors
World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with
More informationCODE OF ETHICS POLICY
CODE OF ETHICS POLICY The YMCA's reputation is dependent upon the good judgment, ethical standards and personal integrity of every individual in the YMCA. As the YMCA continues to grow, it is of paramount
More informationOutsourcing in the Financial Services Industry: Finding Opportunities and Managing Risk. New York. OCC and FRB Guidance on Managing Third-Party Risk
March 24, 2014 If you have any questions regarding the matters discussed in this memorandum, please contact the following attorneys or your regular Skadden contact. Stuart D. Levi New York / 212.735.2750
More informationBOLT Software Technology Terms of Use Last Updated: November 4, 2015
BOLT Software Technology Terms of Use Last Updated: November 4, 2015 1. Introduction; License Thank you for using the Bolt Software Technology ( we, our or Bolt ) Software As A Service ( SaaS ) available
More informationManaging Third Party Risks in a Global Supply Chain
Managing Third Party Risks in a Global Supply Chain The Companies You Keep William Marshall, Hong Kong Ross Denton, London Jasper Helder, Amsterdam Baker & McKenzie Amsterdam N.V. is a member firm of Baker
More informationGeneral Contract Clauses: Corporate Social Responsibility Representations and Warranties
General Contract Clauses: Corporate Social Responsibility Representations and Warranties Mark S. Ostrau and Ashley C. Walter, Fenwick & West LLP, with PLC Commercial These Standard Clauses provide general
More informationThe Role of Internal Audit in Risk Governance
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
More informationCYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison
CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison Gary Solway* Bennett Jones LLP The August release of the purported names and other details of over 35 million customers
More informationSOLUTION BRIEF: CA IT ASSET MANAGER. How can I reduce IT asset costs to address my organization s budget pressures?
SOLUTION BRIEF: CA IT ASSET MANAGER How can I reduce IT asset costs to address my organization s budget pressures? CA IT Asset Manager helps you optimize your IT investments and avoid overspending by enabling
More informationSOURCING INSIGHT. Cloud Computing Technical Evolution / Business Revolution. A Trestle Group Research Publication
SOURCING INSIGHT Cloud Computing Technical Evolution / Business Revolution There is a growing belief that over the next five years, Cloud Computing will become a major stimulus for change in how corporations
More informationReview of Cloud Risks: What if
Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)
More informationMethods and Practices: Cloud in Retail
Methods and Practices: Cloud in Retail IDC Retail Insights: Retail IT Infrastructure Strategies METHODS AND PRACTICES #RI243398 Kimberly Knickle Leslie Hand Global Headquarters: 5 Speen Street Framingham,
More information-17 2015 OUTSOURCING POLICY
Outsourcing Policy TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 Aim & Introduction... 3 POLICY PARAMETERS... 4 Key Terms... 4 Outsourcing Agreement Requirements... 5 MATERIAL OUTSOURCING AGREEMENTS... 6 Board
More informationCentral bank corporate governance, financial management, and transparency
Central bank corporate governance, financial management, and transparency By Richard Perry, 1 Financial Services Group This article discusses the Reserve Bank of New Zealand s corporate governance, financial
More informationAm I a Business Associate?
Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have
More informationWHITE PAPER OCTOBER 2014. Unified Monitoring. A Business Perspective
WHITE PAPER OCTOBER 2014 Unified Monitoring A Business Perspective 2 WHITE PAPER: UNIFIED MONITORING ca.com Table of Contents Introduction 3 Section 1: Today s Emerging Computing Environments 4 Section
More informationEmail Marketing and Data Security
WHITE PAPER APRIL 2011 Best Practices in Email Marketing Email Marketing and Data Security Important guidelines for how brands can protect their customers data PUBLISHED BY US Headquarters StrongMail Systems,
More informationManaging General Agents (MGAs) Guideline
Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission
More informationClearing the Legal fog:
Clearing the Legal fog: cloud computing explained MARCH 2010 This issues summary highlights some of the main legal issues that are claimed to negatively affect users of cloud computing and provides practical
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationA Unified View of Network Monitoring. One Cohesive Network Monitoring View and How You Can Achieve It with NMSaaS
A Unified View of Network Monitoring One Cohesive Network Monitoring View and How You Can Achieve It with NMSaaS Executive Summary In the past few years, the enterprise computing technology has changed
More informationSchedule 15 CSA Web Hosting Agreement
Schedule 15 This Hosting Agreement ( Agreement ) for the Customer Service Application is made as of, 2012 (the Effective Date ) by and between the Washington Metropolitan Area Transit Authority (the "Authority"
More information