RFP responses can also demonstrate quite clearly that a particular vendor doesn't even understand the question that you're asking. For example, if your company is in an industry that faces , you'll probably need to mention relevant legislation, such as GLB, HIPAA, FERPA or SOX in the RFP. If a vendor doesn't even know what those acronyms stand for, take that as a bad sign.

Vendor responses can also serve as your starting point for understanding where the cloud vendor's responsibilities will end and yours will begin. This information is essential for you to plan for the vendor management resources you'll need to have in place to monitor SLAs, recertifications, , management and other contract compliance issues.

The cloud remains a new and evolving market, so craft your RFP questions in a sufficiently granular fashion, with each requiring responses that go beyond a simple yes or no. This may make for a long list of questions, but it will go a long way toward avoiding unclear vendor responses and outright misunderstandings, and make the results of your RFP process much more useful and effective.

***

Interested in learning more about cloud computing risk mitigation via contract negotiation and vendor management? Then please sign up for my seminar Contracting for Cloud Computing Services, Oct. 29-30, in Washington, D.C. I look forward to seeing you there.