Tip of the Week: What do you need to consider when making Cloud commitments?
This week, we have another expert TIP for you.
#87: What do you need to consider when making Cloud commitments?
We all know it these days: purchasing traditional software versus entering into a Cloud commitment. The end goal is well-working software, but the path towards it is different. Traditional software purchasing is generally a well-known process and the business knows how to find the ITAM team for this. But what about the Cloud? Is that also as well organised? Here are a few points that you should definitely keep in mind:
General questions an organisation should ask before taking out a Cloud subscription:
- Is there a software selection committee and does it work with functional requests?
- Are there defined steps for Cloud/SaaS commitment?
- Which contracts are used: do we accept those of the publishers, or do we start from a self-determined contract and negotiate until the best position is reached?
Safety & Security
Think of checks for data protection (access to data, personal data), security (which rules, contingency plan, Disaster Recovery Plan), legal (terms & conditions in line with those of your company). These aspects can be captured in e.g. a SaaS questionnaire, in which questions on data protection & security have to be answered at every commitment.
On the legal side: is the same contract language used? Is everything clearly worded? Are the right rules followed with regard to data storage (e.g. a ban on storing company data in a certain country/part of the world).
And also think about what happens in the long term: What if the contract stops? What about data retention and data removal?
Before entering into a Cloud commitment, one should also think about the exact form. Will it be fully SaaS, hybrid SaaS or on-premise? And, "where is what"? Think, for example, of the software itself, but also of (sensitive) data and personal data. Have the right agreements been made, and who checks them, and how often?
Do you conclude a contract for a specific piece of software, or with the software publisher? Think for example of a "zero-value contract" (framework contract). This only provides an agreement between the organisation and the software publisher, in which all previously mentioned areas are covered. The commercial matters are then filled in later. If other software is purchased from the same publisher, this contract can be re-used, or an amendment can be made to cover any deviations with the new software.
Do you already have a team in place? All these activities can be carried out separately from the SAM/ITAM team, for example by a special cloud team (depending on size). However, this team must maintain a clear link to the ITAM team (e.g. contract registration in SAM tooling and inclusion of the software renewal in the processes).