GAO Finds 10 Key Practices for Agency Cloud Contracts


The Government Accountability Office (GAO) released a report on Thursday detailing the 10 key practices agencies should follow in creating service level agreements (SLAs) with cloud service providers:

  1. Specify roles and responsibilities.
  2. Define key terms.
  3. Define clear measures for performance.
  4. Specify how and when the agency has access to its own data and networks.
  5. Specify how the cloud service provider will monitor performance and when the agency will confirm that performance.
  6. Provide for disaster recovery planning and testing.
  7. Describe performance exception criteria.
  8. Specify how providers are measured for protecting data.
  9. Determine how the provider will notify the agency of a security breach.
  10. Specify the consequences for non-compliance with SLA performance measures.

GAO performed the study to help agencies save time and money on IT investments by determining the scope of that investment up front.

To find the 10 key practices, GAO analyzed research, studies, and guidance developed by Federal and private entities. It then reviewed 21 cloud service contracts from the Departments of Defense, Health and Human Services, Homeland Security, Treasury, and Veterans Affairs to determine why and how those agencies were implementing SLA practices.

GAO found that about a third of those contracts already fulfilled the 10 practices. In the report, it recommends that OMB include all 10 of these practices in its cloud recommendations to agencies.

Jessie Bur
About Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.
2 Comments
  1. Anonymous
    Interesting that agencies weren't setting these boundaries to begin with. Wonder what the plan will be for agencies who already have existing SLAs without these points written in?
  2. Anonymous
    It's interesting to see these 10 key practices defined by the government... they are "open-end practices" that will help to promote the IT business in both government and private sectors. In other non-civilian agencies, it's similarly called Operational Requirements that also help to grow IT business significantly also. One of the key deals in the Operational Requirements is the Interoperability...God blesses the government over these 10 key deals! It's a god's bless to have an open-minded government to make the IT business growth marvelously!
