MHC Tech Law: Can SLALOM transform cloud computing contracts and SLAs?


19 Sep 201610 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Unlike this tricky course, the goal of the European Commission’s SLALOM initiative is to make cloud contracts less challenging. Image: MilanTomazin/Shutterstock

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

What is SLALOM? Why is it needed? And how will it affect cloud businesses? Mason Hayes & Curran has the answers.

SLALOM (service level agreement legal and open model) is an initiative established by the European Commission to develop standardised, ready-to-use contract terms and service level agreement (SLA) specifications for cloud services.

The Commission, and its group of industry experts, wants to establish a baseline of fair, transparent and understandable templates and guidelines aimed at increasing the uptake of cloud services and making it easier for customers to migrate efficiently to the cloud.

But why is SLALOM needed? And will the voluntary SLALOM guidelines practically affect European businesses buying or selling cloud services?

Inspirefest 2017

Background to SLALOM

SLALOM builds on the earlier European Commission Cloud Select Industry Group standardised guidelines for cloud computing service level agreements that we reported on earlier this year.

SLALOM is designed for use by both cloud providers and customers. Cloud service providers can adopt the SLALOM contract terms and SLA specifications and use them as a base for their own contractual clauses and technical specifications. Customers looking to adopt a cloud service can use SLALOM as a fair and balanced benchmark to compare contract terms or SLAs offered by various providers.

Problem with existing cloud terms 

Over the last few years, the number of providers offering cloud computing services and the range of cloud services available have significantly increased. This has resulted in providers flooding the market with a variety of complex contract terms and SLAs.

In many cases, customers lack knowledge about what are fair and reasonable contractual terms and service levels.

In addition, providers often use their own specific contracts with varying terminology. This approach increases the cost of reviewing and drafting and makes it more difficult to compare offerings from different providers.

The lack of consistency also makes it challenging for customers to know exactly what they are signing up to and where liabilities and responsibility for cloud service delivery lie.

Advantages of SLALOM 

The SLALOM terms and specifications for cloud computing have a number of advantages over traditional cloud provider-drafted documents. These include:

  • Simple drafting: Although most cloud contracts in the market are complex, SLALOM terms are clear and drafted in plain English. They also come with guidance documents that help explain things and provide useful examples.
  • Fair and balanced: SLALOM terms are designed to be safe, fair and independent. Neither providers nor customers are given any hidden advantage.
  • Flexible universal starting point: SLALOM terms are flexible and a great starting point for negotiations. They can also be adapted to suit different scenarios.
  • Consistency: SLALOM terms are consistent and standard, which reduces uncertainties and ensures customers know where they stand when transitioning into the cloud.
  • ISO compliant: SLALOM terms align with the ISO standards on cloud.

SLA metrics and parameters

The core SLA specification of SLALOM breaks down the typical metrics and parameters in a cloud SLA and sets out a suggested middle ground. Some of the key concepts in the performance and availability section include:

  • Availability: The SLA should clearly define service availability in a complete and measurable way. This will enable customers to make a fair comparison across different cloud providers. The provider should schedule acceptable downtime and notify the customer reasonably in advance (one week). The provider should reasonably limit acceptable downtime – for example, 5pc of the total time may be reasonable. The parties should determine valid interruption of availability on an agreed period of continuing measurements indicating unavailability. SLALOM proposes 60 seconds.
  • Performance – incident response time: This concept describes the time it takes the provider to acknowledge the customer’s issue in a non-automated way. This metric should be explicitly included in an SLA. It is important to clearly define working hours or days and ensure customers know that only these working hours count toward the provider’s response time.
  • Performance – incident resolution time: A key issue is that typical cloud SLAs in the market rarely address this metric. SLAs should include this metric as it provides customers whose business may rely on the cloud service, with transparency on the time that the provider will take to resolve an incident from the time it is reported.
  • Benchmarking: Benchmarking of the cloud service against similar services offered by the provider’s competitors should use specific tests that produce meaningful results that the customer can understand. Any benchmarking process should be repeated periodically and in a manner that covers different time zones or usages of cloud services (for example, business hours, entertainment hours, etc).
  • Monitoring: The provider should have responsibility to monitor the cloud service. The customer should have the right to monitor remotely, or through a third party. The customer should also have the right to audit the provider’s own monitoring.
  • Reporting: The provider should regularly produce detailed reports of service outages and metric calculations to customers – for example, each billing cycle or monthly billing cycles – so that service level defaults and service credit entitlement can be assessed.

The SLA technical specification also sets out key issues in connection with acceptable use, data protection, data management and the responsibilities of the parties in relation to security measures, including authentication, backup and recovery, and encryption.

Transforming cloud contracts and SLAs

At a basic level, the various industry experts who came together to prepare SLALOM have created a useful catalogue of the risks inherent in cloud computing contracts and SLAs. However, it is not certain at this early stage whether the SLALOM contract terms and SLA are the “major step forward” that will “level the playing field” as the European Commission advocates.

SLALOM is only a voluntary reference guide that providers are free to reject. Certain providers may see their cloud offering as a commoditised service for which they are not willing to negotiate the crontact terms or SLA with individual customers.

There are also many different types of cloud computing services in the market and such a range of different industry sectors acquiring cloud services. Thus it will be difficult, if not impossible, to get all stakeholders to agree to a ‘one size fits all’ format.

If a provider decides not to adopt the SLALOM terms in favour of using their own bespoke SLA, our guide to negotiating a provider’s standard SLA can help to untangle the terminology and metrics.

Despite these reservations, at the very least, the SLALOM’s legal and technical reference models provide clarity in relation to where the challenges arise in cloud contracts. Providers will have the opportunity to base some or all of their contractual terms and SLAs on SLALOM and use this as a unique selling point. Customers can refer to SLALOM to better understand the SLAs a provider is offering.

SLALOM will also allow customers to distinguish between the legal and technical offerings of different providers, as opposed to simply deciding between different providers based on price, as many customers currently do.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Tech Law is a weekly series brought to you by Irish law firm Mason Hayes & Curran, whose legal tech team advises the world’s top social media organisations and emerging start-ups. Contact a member of the MHC Technology team or visit www.mhc.ie for more information.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.