Creating Effective Cloud Computing Contracts for the Federal Government (CIO Council)

ruv

Mar 15, 2012, 3:38:15 PM
to cloud...@googlegroups.com
Interesting Best Practices for Acquiring IT as a Service paper provided by the Federal CIO Council. If you're doing business with the US Government it's worth a read. 


A few key points:
  • Selecting a Cloud Service: Choosing the appropriate cloud service and deployment model is the critical first step in procuring cloud services;
  • CSP and End-User Agreements: Terms of Service and all CSP/customer required agreements need to be integrated fully into cloud contracts; 
  • Service Level Agreements (SLAs): SLAs need to define performance with clear terms and definitions, demonstrate how performance is being measured, and what enforcement mechanisms are in place to ensure SLAs are met;
  • CSP, Agency, and Integrator Roles and Responsibilities: Careful delineation between the responsibilities and relationships among the Federal agency, integrators, and the CSP are needed in order to effectively manage cloud services;
  • Standards: The use of the NIST cloud reference architecture as well as agency involvement in standards are necessary for cloud procurements; 
  • Security: Agencies must clearly detail the requirements for CSPs to maintain the security and integrity of data existing in a cloud environment;
  • Privacy: If cloud services host “privacy data,” agencies must adequately identify potential privacy risks and responsibilities and address these needs in the contract;
  • E-Discovery: Federal agencies must ensure that all data stored in a CSP environment is available for legal discovery by allowing all data to be located, preserved, collected, processed, reviewed, and produced;
  • Freedom of Information Act (FOIA): Federal agencies must ensure that all data stored in a CSP environment is available for appropriate handling under the FOIA; and
  • E-Records: Agencies must ensure CSPs understand and assist Federal agencies in compliance with the Federal Records Act (FRA) and obligations under this law.

Gary Mazz

Mar 15, 2012, 3:56:57 PM
to cloud...@googlegroups.com

The FedRAMP documents are a good place to understand criteria to enter the market ... Then maybe getting on the GSA list.

-g
On 3/15/2012 1:38 PM, ruv wrote:
Interesting Best Practices for Acquiring IT as a Service paper provided by the Federal CIO Council. If you're doing business with the US Government it's worth a read.
  • Selecting a Cloud Service: Choosing the appropriate cloud service and deployment model is the critical first step in procuring cloud services;
  • CSP and End-User Agreements: Terms of Service and all CSP/customer required agreements need to be integrated fully into cloud contracts;
  • Service Level Agreements (SLAs): SLAs need to define performance with clear terms and definitions, demonstrate how performance is being measured, and what enforcement mechanisms are in place to ensure SLAs are met;
  • CSP, Agency, and Integrator Roles and Responsibilities: Careful delineation between the responsibilities and relationships among the Federal agency, integrators, and the CSP are needed in order to effectively manage cloud services;
  • Standards: The use of the NIST cloud reference architecture as well as agency involvement in standards are necessary for cloud procurements;
  • Security: Agencies must clearly detail the requirements for CSPs to maintain the security and integrity of data existing in a cloud environment;
  • Privacy: If cloud services host “privacy data,” agencies must adequately identify potential privacy risks and responsibilities and address these needs in the contract;
  • E-Discovery: Federal agencies must ensure that all data stored in a CSP environment is available for legal discovery by allowing all data to be located, preserved, collected, processed, reviewed, and produced;
  • Freedom of Information Act (FOIA): Federal agencies must ensure that all data stored in a CSP environment is available for appropriate handling under the FOIA; and
  • E-Records: Agencies must ensure CSPs understand and assist Federal agencies in compliance with the Federal Records Act (FRA) and obligations under this law.

--
You received this message because you are subscribed to the Google
Groups "Cloud Computing Interoperability Forum (CCIF)" group.
To post to this group, send email to cloud...@googlegroups.com
To unsubscribe from this group, send email to
cloudforum+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cloudforum?hl=en
-----
Join our Twitter Group at www.twitter.com/cloudforum
Or Our Linkedin Group at http://ruv.net/a/1eo
