For a Good Cloud Contract, Start with an RFP

RFP responses can also demonstrate quite clearly that a particular vendor doesn't even understand the question that you're asking. For example, if your company is in an industry that faces regulatory compliance issues, you'll probably need to mention relevant legislation, such as GLB, HIPAA, FERPA or SOX in the RFP. If a vendor doesn't even know what those acronyms stand for, take that as a bad sign.

Vendor responses can also serve as your starting point for understanding where the cloud vendor's responsibilities will end and yours will begin. This information is essential for you to plan for the vendor management resources you'll need to have in place to monitor SLAs, recertifications, renewal pricing, data breach response management and other contract compliance issues.

The cloud remains a new and evolving market, so craft your RFP questions in a sufficiently granular fashion, with each requiring responses that go beyond a simple yes or no. This may make for a long list of questions, but it will go a long way toward avoiding unclear vendor responses and outright misunderstandings, and make the results of your RFP process much more useful and effective.

***

Interested in learning more about cloud computing risk mitigation via contract negotiation and vendor management? Then please sign up for my seminar Contracting for Cloud Computing Services, Oct. 29-30, in Washington, D.C. I look forward to seeing you there.

Thomas Trappler is director of software licensing at the University of California, Los Angeles, and a nationally recognized expert, consultant and published author in cloud computing risk mitigation via contract negotiation and vendor management. For more information, please visit thomastrappler.com.