What are Cloud service agreements (CSA)?

Cloud service agreements are the agreements between a cloud service provider (who provides infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS)) and a customer drawn to set clear expectations regarding the performance, stability, and responsiveness of the software. 

The CSA protects the customer’s access to data, minimises the expense of any required remedial action, and specifies what happens in an event of service interruption and the penalties following that. Although every CSA is unique depending upon how flexible the cloud service provider is, it generally comprises 3 major elements:

• Customer Agreement
• Acceptable Use Policy
• Service Level Agreement

The challenge posed to cloud service agreements is that the acquisition of the service usually involves multiple service providers (cloud carrier, broker or auditor), who may or may not be legally bound to the cloud customer. Therefore, having a robust CSA is important to protect the rights of the customer and ensure there is no misunderstanding between the parties. 

The Importance Of Cloud Service Agreements

As more and more businesses are using cloud services to improve operations and efficiency, the cloud service market is becoming extremely competitive. Since customers are trusting external providers to safeguard their data, applications, and critical systems, having a legal agreement in place is the only solution to ensure that the customer’s privacy is protected and the provider lives up to the demands mentioned in the contract.

What To Look For In A Cloud Service Agreement

• Customer Agreement Section (CAS) - This part of the agreement describes the overall relationship between the customer and the service provider. Both parties must agree upon all the roles mentioned in this agreement.
• Acceptable Use Policy (AUP) - This part of the agreement describes the acceptable use of and access to the services provided by the cloud service provider. It lists various activities that the provider considers an illegal use of their service and prohibits the abuse of cloud services by the customers. 
• Service Level Agreement (SLA) - This part of the agreement lists the service level metrics measured and monitored by the provider to ensure high-level performance and serviceability. It also defines financial penalties if the service model isn’t able to meet the desired performance. Most service level agreements are negotiable as the service providers are trying to meet and exceed the expectations of their customers. Here are some factors to keep in mind when evaluating an SLA:
  • Availability - The customers must be informed how and when they can access the services they are paying for. If there are circumstances under which the services may be unavailable, the service provider should address it as “downtime”. They should also provide customers with information about what to do during such an event. To guarantee a fixed “uptime”, service providers should measure and monitor relevant metrics. 
  • Data Access And Protection - If customers are using cloud services to store critical data or other important information, they must be able to access and upload new data anytime and anywhere. A robust SLA clearly defines what is meant by availability and what actions does the software provider take for data recovery and backup. This section must also underline the measures software providers are taking to protect customers data and ensure there are no breaches.
  • Evaluate Performance Fix Times - The customer must consider the support services the provider is offering. A good SLA should lay down the measures service providers take to fix downtime, solve bugs and continuously improve performance. It should also include the average response time and time they take to resolve customers queries.
  • Evaluate roles and responsibilities
  • Evaluate the policy and compliance requirements relevant to you
  • Identify service management requirements
  • Develop an effective governance process
  • Understand the exit process

What To Do Before Signing And Negotiating a CSA

For every service, a CSA is unique. Therefore, sometimes, customers find it difficult to understand the requirements and best practices provided by the supplier. Moreover, since the cloud computing landscape continues to evolve, it becomes increasingly important for customers to secure their rights and do what’s best for them. It is always advisable to seek legal advice before signing or negotiating a cloud agreement.

EAGLEGATE Lawyers is a leading, multi-award-winning law firm in Brisbane specialising in all aspects of IP, commercial and technology law. We have a team of qualified, experienced and knowledgeable lawyers who can draft, review and negotiate cloud service agreements for you. No matter which industry you belong to or cloud services you need -- be it SaaS, PaaS, IaaS, we can help you protect your business interests with a specialist cloud service agreement. 

We also provide legal advice to cloud service providers in respect of cloud service agreement strategy, helping clients understand their rights and obligations under cloud agreements, assist in risk evaluation, software licensing and  software dispute resolution, as well drafting and reviewing customer data clauses.

Got a cloud contract enquiry? Send us the contract with your questions or requirements and we will be happy to assist.

Contact us today for more information about our services and a free initial consultation. Call us or book a free 30 minute consultation.