The GAO found that the five agencies and the 21 cloud service contracts it reviewed included many of the 10 key practices. In particular, of the 21 cloud service contracts awarded by the Departments of Defense, Health and Human Services, Homeland Security, Treasury and Veterans Affairs, 7 had fulfilled the 10 key practices, as shown in the figure. The other 13 contracts contained 5 or more of the 10 key practices, and 1 did not include any of the practices. Federal and private sector guidelines emphasize the importance of federal agencies using a Service Level Agreement (SLA) as part of a contract to acquire IT services through a cloud service provider. An SLA defines the level of service and performance expected from a provider, how that performance is measured, and the enforcement mechanisms used to ensure that the specified performance levels are achieved. The GAO identified ten key practices to be included in SLAs, such as identifying the roles and responsibilities of key stakeholders, defining performance targets and identifying security measures. Key practices, if properly implemented, can help agencies ensure that services are delivered effectively, efficiently and securely. Under the leadership of the Office of Management and Budget (OMB), the guidelines given to agencies in February 2012 included seven of the ten key practices outlined in this report that could help agencies ensure the effectiveness of their cloud service contracts. Your authorized agent's successor should contact the Revenue Recapture program to update our records. Your agency may be required to amend your agreement or sign a new SLA. Comments: The Department of Defense agreed with our recommendation and said the department would update its cloud computing guidelines and contract guidelines. In August 2017, Defense finalized its updated service level agreement guidelines in its Defence Measures Acquisition Guide, which contains the key practices mentioned in our report.
The guide covers, for example, the roles and responsibilities of all parties to the agreement, including department staff and service provider staff; the performance measures for the cloud service provider, such as availability of the service and response time; and how data and networks will be managed and maintained. The guidelines also specify that the applicable consequences, such as sanctions, should be taken into account in the event of non-compliance with performance measures. In May 2018, Defense provided evidence that the guidelines were incorporated into cloud service contracts. For example, an audit of the department's milCloud contract documentation showed that it contained language stating that the contractor would demonstrate that it complied with certain parts of the service level agreement, and that the cloud provider would maintain the cloud environment in accordance with current service guidelines. Updating its guidelines to apply these key practices will allow Defense to measure the performance of the services it receives more effectively and, therefore, to ensure the provision and effective implementation of the services for which it has contracted. The GAO was asked to review the use of SLAs by federal authorities. The GAO's objectives were (1) to identify key practices in cloud computing SLAs and (2) to determine the extent to which federal authorities have incorporated such practices into their SLAs.