Guidance released by the Chief Information Officers Council last week calls on agencies to improve collaboration among CIOs, privacy and contracting officers and other stakeholders when procuring cloud services.
The document, called “Creating Effective Cloud Computing Contracts for the Federal Government” outlines 10 areas where agencies can improve their internal collaborations before selecting a cloud provider.
Agencies should consider input from the CIO, general counsel, privacy and procurement offices when choosing the appropriate cloud service and how it will be provided.
“Federal agencies must ensure cloud environments are compliant with all existing laws and regulations when they move IT services to the cloud,” according to the document.
Other areas for improved collaboration:
– Defining security requirements for cloud vendors and ensuring a robust continuous monitoring program is in place.
– Ensuring that all data stored in the cloud is available under the Freedom of Information Act.
– Creating service level agreements that define performance requirements for vendors and how they will be measured.
Agencies are encouraged to include provisions in their cloud contracts that define penalties if a vendor does not meet a service level agreement. To incentivize vendors to meet these agreements, agencies should use a monetary consequence or another penalty if vendors’ services fall short of agencies’ expectations.
The guide, avialable at cio.gov, was a joint effort among the CIO and Chief Acquisition Officers councils and the Federal Cloud Compliance Committee.