Contracting effectively for cloud-based services


Cloud-based services are typically described along two axis: by location (Public, Private or Hybrid); and by service type (Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS)). Regardless of the location or service type, service providers will promise that cloud can deliver organisational, financial, technological and service performance benefits, as follows:

  • Cost: a flexible, utility based, ‘pay for what you use’ charging model, alongside decreased capital requirements for infrastructure;
  • Business Resilience: an increase in the security and resilience of customer data with many copies of data securely stored across multiple sites, significantly decreasing the likelihood of lost data or service outages;
  • Functionality: fully managed software and security lifecycle, including patches, enhancements and upgrades;
  • Compliance: service provider managed compliance with data handling regulations, reducing the customer’s management overhead associated to compliance;
  • Environmentally friendly: reduced power requirements by dynamically allocating computing resource when needed.

It is widely accepted that the adoption of business critical cloud-based solutions will continue to grow as organisations seek to realise the benefits of cloud, and technology providers look to only offer cloud-based solutions. Businesses therefore are increasingly relying on the cloud to host business critical applications and data, shifting the dynamic and risk of early cloud-based contracting from departmental to organisational and board level assessments.


Key challenges

The benefits promised by cloud can degrade or fail to materialise if services are not appropriately specified or contracted for in the right way, which in turn can lead to businesses facing risks that they had not anticipated. Key questions that executives should ask their commercial and contracting teams include:

  • Where cloud and on premise solutions are integrated, and when there are system outages, who has responsibility for root cause analysis and remediation, who carries the cost and how will the impacted SLAs be measured?
  • Are the services clearly defined? Are the service provider’s KPIs aligned to the objectives of the business case? How do benefits scale when service requirements change?
  • What are the termination scenarios and exit management processes described and are they well defined so as to ensure seamless transition and continuity of service? Are there clear definitions of the service provider’s obligations in exit?
  • Does the agreement provide adequate financial, operational and legal controls and protection in the event of a data breach, including the impact of GDPR obligations?
  • Have contractual obligations with customers that prevent their data being stored in the cloud outside of the UK or EU, been scoped and captured within the cloud agreement?
  • How will the internal IT organisation transform to support an enterprise wide cloud-based solution? Does the retained organisation have the skills, capability and governance processes in place to effectively manage cloud solutions?

If these questions are not adequately addressed, then the service provided is unlikely to provide the organisational benefits promised by cloud and the ability to enforce compliance or exit could be at risk.

How we can help

Blending industry, technical, commercial and assurance skills, our specialists have the expertise to help you identify your requirements, the requirements of your industry, and work with you to select and contract with your chosen cloud service provider. Add to that PwC’s industry leading expertise on areas such as GDPR and data regulation, that may be impacted by the adoption of cloud, and we are confident that we can support your organisation through this exciting change. We work with clients through the strategy, scoping and service provider selection, and provide independent challenge and scrutiny during thorough commercial and contractual negotiations. 


Contact us

Qadir Marikar

Partner – Commercial Assurance National Lead, PwC United Kingdom

Tel: +44 (0)7718 928 344

Richard Gott

Director – Commercial Assurance Technology and Utilities Lead, PwC United Kingdom

Tel: +44 (0)7881 612572

Jonathan Calver

Senior Manager – Commercial Assurance, PwC United Kingdom

Tel: +44 (0)7725 445892

Adam Turnbull

Manager, Commercial Assurance, PwC United Kingdom

Tel: +44 (0)7540 859 164

Follow us