Main content

Alert message

While there is no reason to assume that cloud services present any greater risk than other contracts you may enter into, taking a cautious approach is always wise. ACCAN recommends that you consider - and be sure you are comfortable with - the items listed in Table 1.

Table 1 – Checklist of Cloud Contractual Considerations

  • Scope of service.
  • System availability.
  • Deadlines for error correction and removal of malfunctions.
  • Contractual fines for non-performance and delays.
  • Changes in service requirements.
  • Location of servers, either within Australia or elsewhere.
  • Obligations due to regulatory or legislative amendments.
  • Prior consent required for engagement of sub-contractors.
  • Software used by the provider is properly licensed.
  • Ownership of stored data, and exclusive right of access.
  • Data protection agreements.
  • Security measures and responsibilities.
  • Non-disclosure obligations.
  • Monitoring and reporting.
  • Technical, process, and user/system administrator documentation.
  • Right to control and audit, including standard third-party certification.
  • Back-up and disaster recovery contingency plans.
  • Provision for software-escrow in case the cloud-service provider goes bankrupt.
  • Applicable law and jurisdiction.
  • Mediation, conciliation and/or arbitration.
  • Insurance, guarantees, warranties, and provision for damages.
  • The term of the contract, and termination conditions.
  • End-of-service/exit-management provisions, including transmission/deletion of data;
    (adapted from the CCBE Guidelines)

There are many resources available online, including a 'Customer Bill of Rights' that addresses thirty-nine "best practices", to help extend or modify this checklist to better suit your needs.

Return to 'Death and the Internet'   Continue to 'Part 6 - Cloud Service Types'