A 6-Step How-To Guide to Contracting for Cloud Services Includes a 137-Element Contracting Checklist




Contracting for Cloud Services
A 6-Step How-To Guide to Contracting for Cloud Services
Includes a 137-Element Contracting Checklist
Ron Scruggs, Thomas Trappler, & Don Philpott

About the Publisher

Government Training Inc.

Government Training Inc. provides worldwide training, publishing and consulting to government agencies and contractors that support government in areas of business and financial management, acquisition and contracting, physical and cyber security and intelligence operations. Our management team and instructors are seasoned executives with demonstrated experience in areas of Federal, State, Local and DoD needs and mandates. For more information on the company, its publications and professional training, go to www.governmenttraininginc.com.

Copyright 2011 Government Training Inc. All rights reserved. Printed in the United States of America.

This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system or transmission in any form or by any means, electronic, mechanical, photocopying, recording or likewise. For information regarding permissions, write to:

Government Training Inc.
Rights and Contracts Department
5372 Sandhamn Place
Longboat Key, Florida 34228
don.dickson@governmenttraininginc.com

ISBN: 978-1-937246-67-9

Sources: This book has drawn heavily on the authoritative materials published by a wide range of sources. These materials are in the public domain, but accreditation has been given both in the text and in the reference section if you need additional information.

The author and publisher have taken great care in the preparation of this handbook, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or recommendations contained herein.

Acknowledgements

This handbook has drawn heavily on authoritative materials published by many federal agencies and especially the Department of Defense (DoD), General Services Administration (GSA) and the Government Accountability Office (GAO). These materials are in the public domain, but accreditation has been given either in the text or in the reference section at the end of the book if you need additional information.

Disclaimer

Our aim is to provide a comprehensive framework that will allow you to understand the challenges of cloud computing, how to define procurement vehicles, processes and how to build and finalize a contract, as well as how to manage that contract. However, this book is a guide only and contains references should you need more detailed information on particular subjects.

This book is not a legal handbook. Example clauses are given throughout this book, but before preparing a contract you must seek legal counsel. Also, if you have detailed legal questions seek the advice of an appropriate legal expert.

www.gtibookstore.com

About the authors

Ron Scruggs

Ron Scruggs, Certified Technology Procurement Executive, has a distinguished career in sourcing, purchasing and contract management. He started his career in Washington, D.C., negotiating and managing federal government contracts in the 1960s. He also knows the international market well, having spent more than 20 years as Director of Contracts in Europe. Most recently he has co-developed the original Contracting in the Cloud seminar based on his experience since the early 2000s, before the name "cloud" was attached to these services.

Ron has assisted companies with IT and Business Process Outsourcing, Cloud Services, software development, software licensing, and Website development and other projects. He has negotiated dozens of Cloud Services agreements and developed a number of Cloud SaaS template agreements for clients. Additionally, Ron has developed software agreements for vendors, as well as customers, leading to an edge by knowing the vendors' reasons for their terms and conditions while also understanding the customer needs.

Acting as a consultant for a number of Fortune 500 and other companies, he has saved these companies millions of dollars while achieving better terms. On a single software deal, he saved $50 million for one of his clients. As manager of Strategic Alliances for Digital and Bay Networks, he negotiated major purchases, such as personal computers ($40 million a year) and software alliances with Microsoft, Olivetti and other major firms. He also spent 20 years working as Director of Contracts for Digital and Bay Networks.

Ron has developed and taught courses to include Negotiation Success, Resolving Software Business Issues, Export Control Issues and Solutions, Open Software Dynamics and Procurement Management including Purchasing, Legal, and Finance and Contract Management subjects.

Ron has a BA and MBA and has also completed post-graduate courses with INSEAD in France, the Institute of Business Methods (IMEDE) in Switzerland and the Swedish Institute of Management. His published articles include: Get Better Deals by Listening, Effective SOW Writing, Cloudy SLAs, and What Vendors Do Not Want You To Know About Escrow.

Ron lives in Florida with his wife of 45 years and his pet, Benji. He still consults and teaches IT procurement issues.

Thomas Trappler

Thomas Trappler (www.thomastrappler.com) is Director of Software Licensing at the University of California, Los Angeles (UCLA), and has extensive experience leading enterprise-wide IT procurement and vendor-management initiatives and negotiations focused on cost reduction and risk mitigation, with an emphasis on cloud computing contracts and software license agreements.

Elected the inaugural Chair of the University of California (UC) system-wide Technology Acquisition Support Group, Thomas has led the investigation, implementation and ongoing vendor management for more than 30 enterprise-wide IT acquisition agreements. These agreements provide 188,000 licenses to 228 operational units in a decentralized enterprise and have resulted in savings of $7.5 million/year. Additionally, Thomas is the lead author and project manager for initiatives to develop UC-wide standard software license agreement and cloud computing contract templates.

Dubbed The Cloud Contract Advisor by Computerworld magazine, Thomas is a nationally recognized expert and published author in cloud computing risk mitigation via contract negotiation and vendor management. He has been a guest lecturer at the Polytechnic Institute of New York University, and developed and teaches Contracting in the Cloud, the original seminar focused on the unique issues associated with the acquisition and management of cloud computing services. Thomas is currently working with the Cloud Security Alliance as the lead author and project manager on an initiative to establish a standard cloud computing contract checklist.

His presentations and publications include:

Cloud Expo West 2011, presentation, Cloud Computing Contract Issues, November 7, 2011;
Educause 2011, presentation, Managing Cloud Security Risks Through the Right Partnerships, October 19, 2011;
Computerworld, column, The Cloud Contract Adviser, ongoing;
The Business of Cloud Computing Conference, pre-conference workshop, Due Diligence and Cloud Service Agreements, June 13, 2011;
Security Professionals 2011, presentation, If It's in the Cloud, Get It on Paper: Cloud Computing Contract Issues, April 6, 2011;
Educause West/Southwest Conference 2011, presentation, If It's in the Cloud, Get It on Paper: Cloud Computing Contract Issues, February 23, 2011;
EDUCAUSE Live!, webinar, Spotlight on Cloud Computing, December 10, 2010;
Educause 2010, discussion session, Cloud Computing Contract Issues, October 14, 2010;
Educause Quarterly, article, If It's in the Cloud, Get It on Paper: Cloud Computing Contract Issues, Volume 33, Number 2, 2010;
Educause Quarterly, article, Is There Such a Thing as Free Software? The Pros and Cons of Open Source Software, Volume 32, Number 2, 2009.

Don Philpott

Don Philpott is editor of International Homeland Security Journal and has been writing, reporting and broadcasting on international events, trouble spots and major news stories for almost 40 years. For 20 years he was a senior correspondent with Press Association-Reuters, the wire service, and traveled the world on assignments including Northern Ireland, Lebanon, Israel, South Africa and Asia. He writes for magazines and newspapers in the United States and Europe, and is a regular contributor to radio and television programs on security and other issues. He is the author of more than 100 books on a wide range of subjects and has had more than 5,000 articles printed in publications around the world.

His most recent books are Handbooks for COTRs, Performance Based Contracting, Cost Reimbursable Contracting, How to Manage Teleworkers, Crisis Communications and Integrated Physical Security Handbook II. He is a member of the National Press Club.

Contents

Acknowledgements
Disclaimer

Step 1. Understanding Cloud Computing
  Why it is Called Cloud Computing?
  Key Cloud Computing Benefits
  Challenges of Cloud Computing
  PaaS Issues

Step 2. Understanding The Federal Government's New Approach To Cloud Computing
  Cloud First
  President's Cyber Policy
  Federal CIO Statements
  Cybersecurity Gets a Boost
  IT Reform Push, Nine Months After Cloud First Introduction
  GSA is in the Cloud

Step 3. Identifying/Determining Your Needs
  Provision of Selected IT Services
  Successful Move to the Cloud Requires Agency Introspection First
  Focus/Roadmap
  Pricing Billing Terms

Step 4. Defining Potential Procurement Vehicles and Processes
  Contracts and RFPs
  How do you Gather Information on Cloud Services?
  Customer References
  A Process For Acquiring Cloud Computing Services
  Developing a Performance-Based Work Statement
  Other Agencies' Cloud Implementations

Step 5. Building and Finalizing A Contract
  Infrastructure/Security
  Information Security
  Operations Management
  Third-Party Certifications
  Customer Data Center Inspection Rights
  Performance Reporting
  Location of Data
  Data Protection, Access, Location Questions
  Fees/Payments
  Terms and Conditions Online
  Storage Limits/Fees
  Technical Support
  SaaS, Security, the Cloud and the Contract

Step 6. Managing The Contract and The Vendor Relationship
  Contract Administration
  Conclusion

Notice: Appendices & Blank Forms are available online. To access additional materials, visit our website at www.governmenttraininginc.com, go to the Books section of the website, and click on Contracting for Cloud Services. In the Reference Library Login area of the page, use the following credentials to login: Username: Password: This username and password are assigned to you, the purchaser. You will need to enter your email address when logging in so that we can verify each visitor. This information is for the use of the purchaser only and not to be distributed to anyone except the purchaser.

Symbols

Throughout this book you will see a number of icons displayed. The icons are there to help you as you work through the Six Step process. Each icon acts as an advisory, for instance alerting you to things that you must always do or should never do. The icons used are:

This is something that you must always do
This is something you should never do
Really useful tips
Points to bear in mind
Have you checked off or answered everything on this list?