1
00:00:00,270 --> 00:00:01,920
Common agreements.

2
00:00:01,920 --> 00:00:02,820
In this video,

3
00:00:02,820 --> 00:00:04,920
we're going to discuss common types of agreements

4
00:00:04,920 --> 00:00:06,960
that are used in our enterprise networks.

5
00:00:06,960 --> 00:00:07,890
Some common agreements

6
00:00:07,890 --> 00:00:10,800
are things like non-disclosure agreements, or NDAs;

7
00:00:10,800 --> 00:00:13,080
a memorandum of understanding, or MOU;

8
00:00:13,080 --> 00:00:15,750
and a service-level agreement, an SLA.

9
00:00:15,750 --> 00:00:19,170
First, we have non-disclosure agreements, or NDAs.

10
00:00:19,170 --> 00:00:20,580
Now, a non-disclosure agreement

11
00:00:20,580 --> 00:00:22,800
is a documented agreement between two parties

12
00:00:22,800 --> 00:00:25,050
that define what data is considered confidential

13
00:00:25,050 --> 00:00:28,020
and cannot be shared outside of that relationship.

14
00:00:28,020 --> 00:00:30,210
Now, NDAs are often used by organizations

15
00:00:30,210 --> 00:00:31,950
to protect their intellectual property,

16
00:00:31,950 --> 00:00:32,783
and they're either going to be

17
00:00:32,783 --> 00:00:34,320
between two different organizations

18
00:00:34,320 --> 00:00:37,350
or between an organization and its employee.

19
00:00:37,350 --> 00:00:38,850
Now, why would an organization

20
00:00:38,850 --> 00:00:41,490
require their employee to sign an NDA?

21
00:00:41,490 --> 00:00:43,020
Well, it's because those NDAs

22
00:00:43,020 --> 00:00:45,390
can be a form of non-competitive clauses

23
00:00:45,390 --> 00:00:47,370
inside of an employment agreement,

24
00:00:47,370 --> 00:00:49,650
or the company might fear that that employee

25
00:00:49,650 --> 00:00:50,640
might take the information

26
00:00:50,640 --> 00:00:52,020
they're learning from the organization

27
00:00:52,020 --> 00:00:53,730
and go off and start their own business

28
00:00:53,730 --> 00:00:55,740
or disclose it to their competitors.

29
00:00:55,740 --> 00:00:57,720
Now, if two organizations are working jointly

30
00:00:57,720 --> 00:00:59,430
on a project, system or network,

31
00:00:59,430 --> 00:01:02,280
they can also utilize a non-disclosure agreement.

32
00:01:02,280 --> 00:01:03,420
This allows the companies

33
00:01:03,420 --> 00:01:05,160
to share the type of data they need to

34
00:01:05,160 --> 00:01:06,510
in order to develop this product

35
00:01:06,510 --> 00:01:07,950
without fear that the other company

36
00:01:07,950 --> 00:01:09,840
is going to steal their trade secrets.

37
00:01:09,840 --> 00:01:11,790
Keep in mind, though, a non-disclosure agreement

38
00:01:11,790 --> 00:01:15,000
is an administrative control, not a technical control.

39
00:01:15,000 --> 00:01:16,440
There is nothing in the system

40
00:01:16,440 --> 00:01:18,000
that is going to prevent one of these people

41
00:01:18,000 --> 00:01:21,360
from sending data to the others if all you have is an NDA.

42
00:01:21,360 --> 00:01:24,330
You only have the word and signature on that piece of paper

43
00:01:24,330 --> 00:01:26,010
that promises not to do it.

44
00:01:26,010 --> 00:01:27,840
Now, if you want to get some technical controls

45
00:01:27,840 --> 00:01:29,130
involved with an NDA,

46
00:01:29,130 --> 00:01:32,670
you can do that using a DLP, or data loss prevention system.

47
00:01:32,670 --> 00:01:35,160
But the DLP is the technical control,

48
00:01:35,160 --> 00:01:37,560
not the NDA, in that case.

49
00:01:37,560 --> 00:01:40,410
An NDA is considered a legally binding agreement,

50
00:01:40,410 --> 00:01:42,570
and it carries penalties for breaking the NDA,

51
00:01:42,570 --> 00:01:45,270
including fines, forfeiture of intellectual property rights,

52
00:01:45,270 --> 00:01:48,330
or even jail time in some extreme circumstances.

53
00:01:48,330 --> 00:01:50,610
Next, we need to discuss an MOU,

54
00:01:50,610 --> 00:01:52,800
or memorandum of understanding.

55
00:01:52,800 --> 00:01:54,180
A memorandum of understanding

56
00:01:54,180 --> 00:01:57,420
is a non-binding agreement between two or more organizations

57
00:01:57,420 --> 00:02:00,390
to detail what common actions they intend to take.

58
00:02:00,390 --> 00:02:02,370
Essentially, this is a formal version

59
00:02:02,370 --> 00:02:03,690
of a gentleman's agreement,

60
00:02:03,690 --> 00:02:05,070
because it's actually written down

61
00:02:05,070 --> 00:02:06,630
and signed by both parties

62
00:02:06,630 --> 00:02:09,150
and it isn't really legally enforceable.

63
00:02:09,150 --> 00:02:11,280
Essentially, this is like a handshake deal,

64
00:02:11,280 --> 00:02:13,110
but slightly more formalized

65
00:02:13,110 --> 00:02:15,600
because we wrote it down and we both signed it.

66
00:02:15,600 --> 00:02:17,400
For example, if you and I both agree

67
00:02:17,400 --> 00:02:18,750
that we were going to go into business together

68
00:02:18,750 --> 00:02:20,040
on a joint project,

69
00:02:20,040 --> 00:02:22,590
we could create an MOU that outlines what things

70
00:02:22,590 --> 00:02:24,720
each of us is going to be responsible for doing.

71
00:02:24,720 --> 00:02:27,450
So you might say that you're going to do A, B, and C;

72
00:02:27,450 --> 00:02:29,340
and I'm going to handle X, Y, and Z.

73
00:02:29,340 --> 00:02:31,530
We would write that down inside of an MOU.

74
00:02:31,530 --> 00:02:32,363
We could sign it,

75
00:02:32,363 --> 00:02:35,160
and then, at any time, we could look back on that document

76
00:02:35,160 --> 00:02:36,847
if we have a disagreement in the future and say,

77
00:02:36,847 --> 00:02:39,307
"But hey, you said you were going to handle item B,

78
00:02:39,307 --> 00:02:41,197
"and I said I was going to handle item Y.

79
00:02:41,197 --> 00:02:42,847
"But if I didn't do item Y,

80
00:02:42,847 --> 00:02:45,037
"you can't sue me just because I didn't finish it,

81
00:02:45,037 --> 00:02:47,970
"because this agreement is non-binding."

82
00:02:47,970 --> 00:02:49,710
Now, a memorandum of understanding

83
00:02:49,710 --> 00:02:52,200
is often referred to as a letter of intent

84
00:02:52,200 --> 00:02:54,030
because, again, it's an intent to do something,

85
00:02:54,030 --> 00:02:55,920
it's not a requirement to do it.

86
00:02:55,920 --> 00:02:58,230
It's often going to be used within an organization

87
00:02:58,230 --> 00:03:00,510
by two or more smaller internal divisions

88
00:03:00,510 --> 00:03:03,210
because of this non-binding legal status.

89
00:03:03,210 --> 00:03:05,430
So for example, I used to be the director

90
00:03:05,430 --> 00:03:08,280
of an IT department for a really large organization,

91
00:03:08,280 --> 00:03:10,440
and I was responsible for managing the service desk

92
00:03:10,440 --> 00:03:12,240
as part of my responsibilities.

93
00:03:12,240 --> 00:03:14,190
Now, my service desk provided assistance

94
00:03:14,190 --> 00:03:17,430
to several thousand employees across multiple countries.

95
00:03:17,430 --> 00:03:18,900
There was one critical business unit

96
00:03:18,900 --> 00:03:21,870
that wanted to have at least one tier two service desk agent

97
00:03:21,870 --> 00:03:24,510
located in their specific building at all times

98
00:03:24,510 --> 00:03:26,430
because their building was a little bit further away

99
00:03:26,430 --> 00:03:27,930
than our headquarters was.

100
00:03:27,930 --> 00:03:30,330
Now, this way, if something went offline in the network,

101
00:03:30,330 --> 00:03:32,460
that tier two agent didn't have to get in their car

102
00:03:32,460 --> 00:03:34,740
and drive from the headquarters to this branch office,

103
00:03:34,740 --> 00:03:36,120
which was about an hour away.

104
00:03:36,120 --> 00:03:37,680
And that way, they could immediately start

105
00:03:37,680 --> 00:03:38,700
the restore process

106
00:03:38,700 --> 00:03:40,590
because they're already sitting in the building.

107
00:03:40,590 --> 00:03:42,390
Now, I thought this was a pretty good idea,

108
00:03:42,390 --> 00:03:45,240
so we agreed to it and we wrote up an MOU.

109
00:03:45,240 --> 00:03:47,310
The leader of that part of the organization and I

110
00:03:47,310 --> 00:03:49,170
both wrote down what we were going to do.

111
00:03:49,170 --> 00:03:50,310
I said, I'm going to provide

112
00:03:50,310 --> 00:03:52,650
one full-time tier two service desk agent,

113
00:03:52,650 --> 00:03:54,540
and I'm going to have them do all their daily functions

114
00:03:54,540 --> 00:03:55,950
out of your building.

115
00:03:55,950 --> 00:03:58,830
In return, they said they would provide my tier two agent

116
00:03:58,830 --> 00:04:01,560
with a small office and a dedicated parking spot.

117
00:04:01,560 --> 00:04:03,960
We both wrote all this up, we put it in the MOU,

118
00:04:03,960 --> 00:04:04,980
and we signed it.

119
00:04:04,980 --> 00:04:07,140
This way, we were able to minimize the time to repair

120
00:04:07,140 --> 00:04:08,670
for lots of critical issues

121
00:04:08,670 --> 00:04:10,320
that happened at this business unit

122
00:04:10,320 --> 00:04:12,510
because the guy was already sitting in that building

123
00:04:12,510 --> 00:04:14,040
as a tier two agent.

124
00:04:14,040 --> 00:04:17,190
Now, this wasn't a binding agreement on either of our parts.

125
00:04:17,190 --> 00:04:19,019
Any time I could have said, you know what,

126
00:04:19,019 --> 00:04:21,240
I think I need Tom to come back to the main office,

127
00:04:21,240 --> 00:04:22,530
and I can't have him sit in your office

128
00:04:22,530 --> 00:04:24,000
five days a week anymore.

129
00:04:24,000 --> 00:04:26,490
Or, maybe I need to have Tom work out of the headquarters

130
00:04:26,490 --> 00:04:27,720
for Mondays and Tuesdays,

131
00:04:27,720 --> 00:04:28,980
but on Wednesday, Thursday and Friday,

132
00:04:28,980 --> 00:04:30,360
he can work in your unit.

133
00:04:30,360 --> 00:04:33,120
Now, the other business unit leader couldn't really complain

134
00:04:33,120 --> 00:04:34,470
because he had no way of forcing me

135
00:04:34,470 --> 00:04:35,700
to keep Tom in that building

136
00:04:35,700 --> 00:04:37,710
for all 40 hours every single week

137
00:04:37,710 --> 00:04:41,130
because we had this MOU, which is non-binding.

138
00:04:41,130 --> 00:04:43,500
Now, this MOU does give us some formality

139
00:04:43,500 --> 00:04:46,200
to our agreement that we had made between the two directors.

140
00:04:46,200 --> 00:04:47,550
This was the director of operations

141
00:04:47,550 --> 00:04:49,350
and myself, as the IT director.

142
00:04:49,350 --> 00:04:52,380
But at any time, we could modify it or break it

143
00:04:52,380 --> 00:04:54,480
without any serious consequences.

144
00:04:54,480 --> 00:04:56,910
As I said, MOUs are usually used internally

145
00:04:56,910 --> 00:04:59,910
between two business units, as in my previous example,

146
00:04:59,910 --> 00:05:01,740
but they can also be used externally

147
00:05:01,740 --> 00:05:03,150
between your organization

148
00:05:03,150 --> 00:05:05,220
and one or more other organizations.

149
00:05:05,220 --> 00:05:06,870
There are some consortiums out there

150
00:05:06,870 --> 00:05:08,580
that have multi-party MOUs

151
00:05:08,580 --> 00:05:10,740
with five or six or seven organizations

152
00:05:10,740 --> 00:05:11,610
that all come together

153
00:05:11,610 --> 00:05:14,070
to do a common thing or a common goal.

154
00:05:14,070 --> 00:05:16,410
But remember, it is not legally binding

155
00:05:16,410 --> 00:05:17,880
when you're dealing with MOUs,

156
00:05:17,880 --> 00:05:19,020
so at any time,

157
00:05:19,020 --> 00:05:21,180
these partner organizations could simply leave,

158
00:05:21,180 --> 00:05:23,130
and there'd be no consequences.

159
00:05:23,130 --> 00:05:26,430
Next, we have a service-level agreement, or SLA.

160
00:05:26,430 --> 00:05:28,920
Now, a service-level agreement is a documented commitment

161
00:05:28,920 --> 00:05:30,870
between a service provider and a client

162
00:05:30,870 --> 00:05:33,600
where the quality, availability and responsibilities

163
00:05:33,600 --> 00:05:35,700
are agreed upon by both parties.

164
00:05:35,700 --> 00:05:37,860
Service-level agreements are primarily concerned

165
00:05:37,860 --> 00:05:38,940
with the ability to support

166
00:05:38,940 --> 00:05:41,370
and respond to problems within a given timeframe

167
00:05:41,370 --> 00:05:43,320
while providing the agreed upon level of service

168
00:05:43,320 --> 00:05:44,700
to your end users.

169
00:05:44,700 --> 00:05:47,160
If you work in the IT service management realm already,

170
00:05:47,160 --> 00:05:50,250
you are probably already familiar with SLAs.

171
00:05:50,250 --> 00:05:52,620
SLAs are going to be used to provide a written agreement

172
00:05:52,620 --> 00:05:54,480
for not only the security priorities,

173
00:05:54,480 --> 00:05:57,600
but also, more importantly, your operational priorities.

174
00:05:57,600 --> 00:05:59,610
It also is going to outline the responsibilities,

175
00:05:59,610 --> 00:06:01,140
guarantees, and warranties

176
00:06:01,140 --> 00:06:03,210
for a given service and its components.

177
00:06:03,210 --> 00:06:05,640
For example, in one of my previous organizations,

178
00:06:05,640 --> 00:06:07,320
we didn't want to keep a bunch of extra switches

179
00:06:07,320 --> 00:06:09,030
and routers in our supply closet

180
00:06:09,030 --> 00:06:10,290
in case one of them broke.

181
00:06:10,290 --> 00:06:11,430
This would be really expensive,

182
00:06:11,430 --> 00:06:13,380
all this extra gear just sitting there.

183
00:06:13,380 --> 00:06:15,690
So we opted to have a service-level agreement

184
00:06:15,690 --> 00:06:17,040
in place with our supplier,

185
00:06:17,040 --> 00:06:19,800
and that agreement said if a router or switch failed

186
00:06:19,800 --> 00:06:22,230
and we couldn't get back online within 10 minutes,

187
00:06:22,230 --> 00:06:23,730
they would bring us a new device

188
00:06:23,730 --> 00:06:25,950
within four hours of the outage.

189
00:06:25,950 --> 00:06:27,330
Now, these service-level agreements

190
00:06:27,330 --> 00:06:29,550
can really help bring some predictability

191
00:06:29,550 --> 00:06:31,350
to an otherwise hard-to-predict area,

192
00:06:31,350 --> 00:06:33,480
like, when will a device fail?

193
00:06:33,480 --> 00:06:35,250
SLAs can be really good in this case,

194
00:06:35,250 --> 00:06:37,050
but only if your service provider

195
00:06:37,050 --> 00:06:39,390
is going to live up to their end of the agreement.

196
00:06:39,390 --> 00:06:41,910
Now, another place you're often going to see SLAs

197
00:06:41,910 --> 00:06:43,590
is in regard to your internet connections

198
00:06:43,590 --> 00:06:45,480
or when dealing with internet service providers

199
00:06:45,480 --> 00:06:47,190
or cloud service providers.

200
00:06:47,190 --> 00:06:49,170
For example, my internet service provider

201
00:06:49,170 --> 00:06:50,790
has a service-level agreement with us

202
00:06:50,790 --> 00:06:54,930
that states they're going to maintain an uptime of 99.999%,

203
00:06:54,930 --> 00:06:56,400
which equates to having no more

204
00:06:56,400 --> 00:06:58,680
than five minutes of downtime per year.

205
00:06:58,680 --> 00:07:00,720
Now, because it's a service-level agreement,

206
00:07:00,720 --> 00:07:02,850
if they don't meet that uptime requirement,

207
00:07:02,850 --> 00:07:04,080
what's going to happen?

208
00:07:04,080 --> 00:07:05,790
Well, that depends on your agreement

209
00:07:05,790 --> 00:07:07,470
and your underlying contracts.

210
00:07:07,470 --> 00:07:09,750
In our contract, we actually get a refund

211
00:07:09,750 --> 00:07:11,550
for the entire monthly service fee

212
00:07:11,550 --> 00:07:13,050
if they can't maintain the uptime

213
00:07:13,050 --> 00:07:14,910
they promised in their SLA.

214
00:07:14,910 --> 00:07:17,400
This is their penalty for not meeting the SLA,

215
00:07:17,400 --> 00:07:18,720
and it works essentially like a fine

216
00:07:18,720 --> 00:07:20,070
that they pay back to us.

217
00:07:20,070 --> 00:07:22,470
Some contracts have these and some contracts don't.

218
00:07:22,470 --> 00:07:25,200
It just depends on how you negotiate your deal.

219
00:07:25,200 --> 00:07:27,390
So remember, when it comes to agreements

220
00:07:27,390 --> 00:07:28,680
used in our network management,

221
00:07:28,680 --> 00:07:30,540
we have three main types.

222
00:07:30,540 --> 00:07:32,250
We have non-disclosure agreements,

223
00:07:32,250 --> 00:07:33,510
memorandums of understanding,

224
00:07:33,510 --> 00:07:35,013
and service-level agreements.