GAO says mostly good news on cloud contracts

The elements of good cloud contracts are tenfold, and several major federal projects hit all 10 of the marks, according to an April 7 report from the Government Accountability Office.

David Powner, director of IT management issues at GAO, told FCW the report is something of a success story.

Tasked with examining service-level agreements for cloud acquisitions, GAO reviewed projects at five agencies and determined 10 best practices. Of the 21 contracts auditors reviewed, a full third met every best practice. Most of the other projects' SLAs met a majority of best practices.

Success was spread unevenly, however. The Homeland Security and Treasury departments had multiple cloud contracts that met all the best practices, while the departments of Defense and Health and Human Services had none.

GAO found that Office of Management and Budget guidance only covers seven of the 10 best practices, and auditors recommended that OMB issue updated SLA guidance to reflect the neglected trio: how and when agencies can access their own data, particularly when it comes to ending contracts; disaster recovery; and service exceptions, such as maintenance periods.

GAO said OMB did not comment on the report.

"Given the importance of SLAs to the management of these million-dollar service contracts, agencies can better protect their interests by incorporating the pertinent key practices into their contracts in order to ensure the delivery and effective implementation of services they contract for," the report states. "In addition, agencies can improve management and control over their cloud service providers by implementing all recommended and applicable SLA key practices."