Information Technology Reference
In-Depth Information
visable that the provider accepts to follow and to implement a security strategy
aimed to protect customer's data at multiple levels (i.e. mainly data security,
data integrity, data privacy). Furthermore, the Grid/Cloud supplier should apply
security tools to his systems and should commit himself to maintain the cus-
tomer's data on secured servers (e.g. located in a custom-built data centre with
full physical access control). If the business carried out by the customer concerns
extremely valuable data (e.g. financial, medical, etc), the SLA may and should
list the names of the employees authorised to have access to the servers. From a
different perspective, the customer may have reasons to require that the provider
uses only his servers and that he does not outsource Grid or Cloud capacity to
other providers, thus limiting the security risks. This may appear to be against the
rationale behind Grid (and Cloud) computing paradigm, but it can be reasonable
when losing or damaging customer's data could cause serious damage.
5.
Fees
: this clause will regulate the prices that the customer will pay to the provider
for the supply of Grid/Cloud services.
6.
Support services
: these are particularly important for the client in order to mini-
mise the damages in case of failures in the provision of the services, and it is ad-
visable that the provider commits himself to respect a certain response time and
to be available to solve problems as much and as quickly as possible (e.g. on a
24/7 basis). This also applies to disaster recovery, which should be done as soon
as possible by the supplier. The lack of contractual obligations for the provider to
do so may result in enormous damages for the customer without the possibility
to claim compensation.
Provided this minimum necessary content is in the SLA (or other contract as appli-
cable), the reader should be aware of some remarks as regards the validity of the
agreement, more specifically the legal requirements to respect in order to have a
contract which is valid and enforceable. This is a matter of national law, and there-
fore every jurisdiction sets specific rules in the field. Nevertheless, without entering
into further details, it is possible to say that an offer made by the offeror followed by
the acceptance of the offeree, together with the will to enter into an agreement, and
provided that the parties have the necessary legal capacity required by the applicable
law, is a valid contract (Beale et al. 2002). An additional requirement is the cause
(in some civil law countries, like France, Italy, Belgium, etc) and the considera-
tion (in common law jurisdictions, e.g. England and the United States): the former
can be defined as the economic reasons behind the contract (e.g. payment of a fee
in exchange for a service or good), while the latter can be described as “what the
promise gives the promisor to induce the promise”
2
(Beale et al. 2002).
Special attention should be devoted to the legal capacity of the person who signs
the contract, more specifically the employee or director who enters into an agree-
ment on behalf of his company should have the power to do this. A contract signed
by a person with no legal capacity can be, depending on the applicable law and on
2
“The delivery of a car, the painting of a house, or a promise to deliver crops may be consid-
eration for a promise of future payment.” (Cooter and Ulen 2004)
