SLA Ammendments

Non-exclusivity
Clause 6 on non-exclusivity needs to be addressed. The lack of information here pertaining to the non-exclusivity of the 3 companies involved can be a huge security issue. The data being used here will not be exclusive to only one company, but rather all 3. However, provisions will need to be in place to where the data is shared only between these 3 companies, and not used for any other reason. Finman would best protect its data by limiting the amount exposed to Datanal and Minertek. The data exposed should only be limited to exactly what is needed to complete the project. Finman should create a data pool that will only be used for the duration of the SLA, and that will only encompass the work effort between the 3 companies.

This can be accomplished by creating a network of servers and limiting access only to specific personal of the 3 companies involved, and a duration that the information can be shared. Once the project is over, the servers should be shut down until the time comes to destroy the involved data. The information collected and shared during the duration of the SLA will NOT be allowed to be transmitted, shared, displayed or reproduced without signed consent of Finman. Legal penalties will be involved should any data be used outside of the scope of this SLA. This set of standards will help protect Finman’s data by limiting the exposure of data created and used, data shared, and data retention during the duration of this SLA. Personal Conduct

This section is vague on its intentions. Statements such as “highest standards” and “particular precautions” are not clear on how they apply to this specific case. Each company should have specific standards, all agreed upon, on how they will interact and handle the shared data, and communications involved with it. This is one small step in protecting Finman’s patents, copyrights and intellectual property.

In Europe there is an act that helps to ensure intellectual property. The Copyrights and Rights Database Regulations (CRDR) was created in the United Kingdom. Charles Goldblatt reports that “A special breed of protection for databases was implemented in the UK by the Copyright and Rights in Databases Regulations 1997 (“Database Regulations”), following the passage of Council Directive 96/9/EC of 14 March 1996; this directive applies Europe, and required member states to implement their own local law to give effect to the directive for the legal protection of databases.” Hosting the servers in this region would allow the information to be covered under this act. The CRDR provides a fifteen year protection of information for all data located in the databases, and due to the standards set by the SLA, the data collected will be destroyed before the protection of CRDR is complete. Metrics and Quality

The metrics here and are not defined. I would define these metrics in the SLA rather than just say they are defined, which will need to be agreed upon by all 3 parties. The progress can then be judged as time goes by according to these metrics. If at any time Finman feels, and can prove, that Datanal and Mintertek are not meeting the requirements set by these metrics, Finman can cancel the SLA. I would also remove the entire second paragraph in the metrics clause due to its lack of relevance pertaining to the SLA.

The quality section can be added to the metrics section, and the metrics will define the quality of the work. I’d also remove the statement about quality of effort. Quality of effort is irrelevant if the metrics are not being met. Additional Recommendations and Justification for Data Protection

With Datanal bringing the vast knowledge of IT expertise into the organization, I’d like to recommend a few changes to the network that will increase the protection of data. Datanal will establish an access control list (ACL) system to only allow approved users to access specific areas of the network. All data will be compartmentalized, and on a need to know basis. Data storage integrity will be addressed in regards to a backup solution. All servers storing data between the 3 companies will be backed up and encrypted on a daily basis for the duration of the SLA. Scheduled incremental backups will run every 6 hours, and the data backed up will be backed up to a separate location for redundancy.

Data restoration drills will be ran bi-weekly to ensure that the data being backed up can and will be restored in a timely efficient manner. Encryption offers an extra layer of security in such that if the network was breached, the invader would need a specific key to be able to translate the data, or if the data was copied over, they would still need to the key to be able to translate the data later on. These additional steps ensure that data is securely protected from malicious activities as well as protected in terms of disasters or hardware malfunction. Additional Recommendations and Justification for Intellectual Property

As soon as the service level agreement is enacted, an audit needs to be done of Finman’s intellectual property. All trademarks, copyrights and patents need to be accounted, and registered, with the proper intellectual property authorities in each of the countries that the companies will be conducted business in seeing as how laws pertaining to intellectual property vary through each country. A cost/benefit analysis should also be performed to determine the measure of protection needed for Finman. An initial training program will be held for all parties pertaining to the handling of intellectual property, encompassing best practices and all types of infringement, as well as the repercussions of infringements, including prosecutorial action. All users will be made aware of law pertaining to the location of which region they will be working. There will also be quarterly meetings held to reiterate such procedures, and to make sure everyone is still in compliance and is following proper procedure.

Another recommendation would be to take the methodology used by all the Finman, Datanal and Mintertek, and patent the process for use, or non-use. This process would not have been made possible without key components of Finman’s intellectual property and the knowledge of how to leverage existing technologies. Patenting this process will prove to protect their investment from anyone trying to unlawfully use their work efforts. It also may prove to be beneficial in the case of someone in the future wishing to lease the patent. As a modification, it will be inserted that the process developed between Finman, Datanal and Minertek will be the property of Finman, and will not be able to be used or replicated outside of the scope of this SLA, or beyond the duration.

A non-disclosure agreement will be developed and performed by an outside party binding all 3 companies in compliance not to distribute any data produced in the scope of the SLA. They should all have signed notarized copies of the agreement as well.

The non-disclosure agreement and training will add a layer of security to help protect unauthorized disclosure of Finman’s intellectual property. This protects Finman, and the intellectual property held by the company, and gives him rights to lawfully follow suit should anyone in the agreement infringe on any aspects of the SLA.

References
Goldblatt, C. (2013, November 9). Database Right. Retrieved September 15, 2014, from http://www.drukker.co.uk/publications/reference/database-right/#.VBb0XBawV8E