When signing an agreement for a cloud service, you should consider the service level provisions included in it. This is important for ensuring you receive a service that matches your expectations and business needs. This article will explain what you should look out for when considering a cloud service provider’s service levels.
Types of Cloud Services
There are a number of cloud services that your business may sign up for. Specifically, it can be a Software as a Service (SaaS), where your business accesses software online rather than it being installed locally on your computer. Popular business SaaS examples include GoToMeeting, WebEx and Zendesk.
Alternatively, it can be a Platform as a Service (PaaS) which allows you to use it to develop or run other applications online rather than locally on your computer. PaaS examples include AppFog and Google App Engine.
In the cloud computing space, there is also Infrastructure as a Service (IaaS). IaaS is the backbone of cloud computing and cloud solutions in that it provides the infrastructure upon which platforms and software can run. The infrastructure includes the hardware, which is provided and managed by a third party and shared by many users. It offers data storage and the processing power for platform and software services. Amazon AWS and Microsoft Azure are well-known IaaS offerings and are used by many SaaS and PaaS providers.
Importance of Service Levels
No matter whether it is a SaaS, PaaS or IaaS agreement, service levels will be key to your business’ use of the service. There are a few key things to keep in mind when reviewing the service levels in your agreement:
- what promises are made;
- how they are measured;
- what the effect of failing to meet these promised levels is; and
- how the force majeure clause may come into play.
What Service Levels Are They Promising?
The standard service levels provided for in your agreement with the cloud service provider will likely be levels that they are confident they can meet. This means that the levels may be lower than your ideal.
A service level roughly translates into a warranty of availability. For example, they might warrant 98% availability. This means you should be able to access the service 98% of the time. The ideal is, of course, 100%, but this may be unrealistic. In negotiating service levels, you need to consider how critical the service is to your business. If your business cannot operate without this cloud service, you may wish to offer a higher fee in return for a higher service level guarantee.
Another factor when looking at service levels is the response and resolution time. If something does go wrong and you need assistance, the agreement should set out how you can contact the service provider. It should also include how long it will take them to respond to, and resolve, the problem. Often, this is broken down, with varying response times depending on the seriousness of the issue.
Sometimes you will have an allocated amount of time you can use per month to contact the service provider. Overall, it is important to consider what amount of time is necessary for your business to run. You should make sure your agreement with the service provider reflects this.
Service Levels Should Be Measurable
Once you have favourable service levels in the agreement, you should ensure they are measurable. If the agreement provides varying response times for requests of different levels of seriousness, make sure it also specifies what kinds of issues are the most serious and, therefore, urgent, and which are the least serious. For example, the most serious issue may be a data breach. The least serious may be a request for further customisation of the service.
If the agreed response time is within one business day, you want the agreement to be specific as to when that timeframe begins. Is it when you submit the request or when the provider reads it? Will the provider respond to the request in this timeframe or will they aim to resolve it by then?
These are all key questions. You should be sure of the answers to them from the start to minimise the risk of disputes.
What Happens if the Service Provider Fails to Deliver?
Once you have agreed on set service level targets with the cloud service provider, what happens if the provider fails to meet the promised service level targets?
It is common for the service provider to set out some form of compensation in the agreement. This comes into play if they fail to deliver on their service level. This could be credits towards future service level time or a discount on your subscription fee. You should consider the following:
- how you are notified of the right to compensation, for example, an email notification with the details;
- the compensation, for example, a discount;
- when it is delivered, for example, the following month; and
- how it is delivered, for example, by deducting a lower monthly fee at the time of your direct debit.
Usually, the service provider will offer something in return for not delivering on the promised levels. However, the agreement will likely say that this is not grounds for a refund of your payments to date.
If you are on a fixed-term agreement, such as a one-year subscription, failing to meet agreed service levels will likely be expressly excluded from being grounds to terminate the agreement early (or without giving the agreed notice). The alternative is to negotiate specific terms into the agreement from the start, which will give rise to the right to terminate.
The service provider will likely have limited liability for any monetary loss suffered. They will pay you according to the agreement, which will probably mean they pay you a lot less than the loss you suffer. Accordingly, you should always carefully check your agreement before signing so you know your entitlements.
Watch Out for Force Majeure
When looking over your agreement and considering the service levels covered by your cloud service provider, you should take into account any force majeure clause. The effect of a force majeure clause is to ensure the service provider is not liable if there are unforeseen circumstances that mean they cannot meet the terms of the agreement, including the service levels.
Force majeure captures events such as natural disasters, for example, a flood which affects their servers. It could also be human-made, such as a war affecting the service provider’s employees or a rogue hacker who breaches and temporarily takes down the network. The concept behind this clause is that it is out of the service provider’s reasonable control. This means that, even if you have already paid for the service, you cannot get compensation in these situations.
While this clause is not favourable to you, it is quite standard in legal agreements. Therefore, it may be hard to negotiate out of the agreement. At a minimum, it is good to be aware of where you stand under this clause so that you can be ready or negotiate increased obligations of the cloud service provider to minimise the possibility and impact of a force majeure.
This fact sheet outlines the changes to data and privacy protection in 2023.
Key Takeaways
When your business signs an agreement with a cloud service provider, whether it be a SaaS, PaaS or IaaS, it is essential to be aware of the service levels that the provider agrees to provide. These will impact your experience of the service.
If you need help to determine if the agreement between you and your prospective cloud service provider is fair, contact our experienced IT lawyers as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
We appreciate your feedback – your submission has been successfully received.
