Legal Risk Management
Services are evaluated based on the legal protections offered to users. Legal Risks are assessed based on elements such as jurisdictional location, contractual indemnity, IP ownership, and privacy policy.
Legal Risk Attributes
The Legal Risk score is calculated from the following categories, attributes, and values defined by Skyhigh CASB.
Category | Attribute | Description | Possible Value |
---|---|---|---|
Export / Import | Service in ITAR List | Is the cloud service provider listed in the International Traffic in Arms Regulations (ITAR) listing of Directorate of Defense Trade Controls (DDTC) certified providers? For details, see the ITAR DDTC list at https://www.pmddtc.state.gov/embargoed_countries/ | 10 - No; 50 - Not publicly known; 60 - Yes |
Legal Protection | Legal Indemnity | How is legal indemnity handled with the cloud service provider per its terms of use? | 10 - SP indemnifies customer until infringement by 3rd party; 10 - Customer indemnifies SP until infringement by 3rd party; 20 - SP indemnifies customer until violation of terms of use; 20 - Customer indemnifies SP until violation of terms of use or IP infringement; 20 - SP indemnifies customer until violation of these Terms and IP infringement; 20 - Negotiated Terms; 30 - Customer indemnifies SP until violation of terms; 30 - Mutual Indemnification; 30 - Blanket Indemnity; 50 - Not publicly known; 50 - Undefined |
Geography | Jurisdictional Location | Which geographical legal jurisdiction governs legal decisions and judgments involving the cloud service provider? | 10 - US; 10 - Europe; 20 - Negotiated Terms; 30 - APAC; 30 - Depends on customer location; 50 - Others; 80 - Not publicly known; 80 - Undefined |
Conflict | Dispute Resolution | How are disputes handled between the cloud service provider and clients? | 10 - At customer location; 20 - Negotiated Terms; 30 - Arbitration; 40 - Exclusively in SP state/country only; 60 - Not publicly known; 60 - Undefined |
Contract | Account Termination Policy | What are the grounds for account termination with the cloud service provider? | 10 - Customer choice only; 10 - Customer Choice or On Infringement of TOU/Non-Payment; 10 - Both Customer and SP can terminate; 20 - Negotiated Terms; 30 - On infringement of contract terms; 40 - Not publicly known; 40 - Undefined; 60 - SP but with/without notice period; 80 - Sole discretion of SP |
Intellectual Property | IP Ownership Policy | How do the cloud service provider's terms of use define intellectual property ownership? | 10 - Customer Owns; 30 - Not publicly known; 30 - Undefined; 60 - SP Owns |
Terms of Use | Statute of Limitations | What is the statute of limitations specified for the cloud service provider that restricts the time within which legal proceedings might be brought? | 10 - Multiple Years; 20 - 1 Year; 20 - Negotiated Terms; 50 - Not publicly known; 60 - Undefined; 70 - None specified in ToU |
Terms of Use | Privacy Policy | What kind of privacy policies apply to the disclosure and management of customer data that the cloud service provider gathers? | 10 - Does not collect PII; 20 - Collects data and does not share with 3rd party; 30 - Shares only on subpoena or applicable laws; 30 - Negotiated Terms; 40 - Collects and shares with 3rd party on customer's consent and on subpoena or applicable laws; 40 - Undefined; 50 - Collects and shares with 3rd party and on subpoena or applicable laws; 50 - Collects and shares with 3rd party on customer's consent; 70 - Not publicly known; 90 - Collects and shares with 3rd party |
Terms of Use | Service Adherence to Copyright Controls | What are the copyright controls adhered to by the cloud service provider? | 20 - DMCA; 40 - Others; 60 - Not publicly known; 70 - Undefined |
Export / Import | Service in USTR List | Is the cloud service provider listed in the U.S. Trade Representative (USTR) notorious markets list? | 10 - No; 50 - Not publicly known; 60 - Yes |
Terms of Use | Penalty on SLA | Does the SLA define penalties when the service provider does not meet the agreed service levels? | 10 - Percentage of contract; 30 - Capped to amount of contract; 50 - Undefined; 60 - Capped to a fixed amount; 80 - None specified in SLA |