Skyhigh Security

Legal Risk Management

Services are evaluated based on the legal protections offered to users. Legal Risks are assessed based on elements such as jurisdictional location, contractual indemnity, IP ownership, and privacy policy.

Legal Risk Attributes

The Legal Risk score is calculated from the following categories, attributes, and values defined by Skyhigh CASB.

| Category | Attribute | Description | Possible Value |
| --- | --- | --- | --- |
| Export / Import | Service in ITAR List | Is the cloud service provider listed in the International Traffic in Arms Regulations (ITAR) listing of Directorate of Defense Trade Controls (DDTC) certified providers? For details, see the ITAR DDTC list at https://www.pmddtc.state.gov/embargoed_countries/ | 10 - No<br>50 - Not publicly known<br>60 - Yes |
| Legal Protection | Legal Indemnity | How is legal indemnity handled with the cloud service provider per its terms of use? | 10 - SP indemnifies customer until infringement by 3rd party<br>10 - Customer indemnifies SP until infringement by 3rd party<br>20 - SP indemnifies customer until violation of terms of use<br>20 - Customer indemnifies SP until violation of terms of use or IP infringement<br>20 - SP indemnifies customer until violation of these Terms and IP infringement<br>20 - Negotiated Terms<br>30 - Customer indemnifies SP until violation of terms<br>30 - Mutual Indemnification<br>30 - Blanket Indemnity<br>50 - Not publicly known<br>50 - Undefined |
| Geography | Jurisdictional Location | Where is the geographical legal jurisdiction for the cloud service provider to make legal decisions and judgments? | 10 - US<br>10 - Europe<br>20 - Negotiated Terms<br>30 - APAC<br>30 - Depends on customer location<br>50 - Others<br>80 - Not publicly known<br>80 - Undefined |
| Conflict | Dispute Resolution | How are disputes handled between the cloud service provider and clients? | 10 - At customer location<br>20 - Negotiated Terms<br>30 - Arbitration<br>40 - Exclusively in SP state/country only<br>60 - Not publicly known<br>60 - Undefined |
| Contract | Account Termination Policy | What are the grounds for account termination with the cloud service provider? | 10 - Customer choice only<br>10 - Customer Choice or On Infringement of TOU/Non-Payment<br>10 - Both Customer and SP can terminate<br>20 - Negotiated Terms<br>30 - On infringement of contract terms<br>40 - Not publicly known<br>40 - Undefined<br>60 - SP but with/without notice period<br>80 - Sole discretion of SP |
| Intellectual Property | IP Ownership Policy | What are the specified definitions of intellectual property ownership in the terms of use for the cloud service provider? | 10 - Customer Owns<br>30 - Not publicly known<br>30 - Undefined<br>60 - SP Owns |
| Terms of Use | Statute of Limitations | What is the statute of limitations specified for the cloud service provider that restricts the time within which legal proceedings might be brought? | 10 - Multiple Years<br>20 - 1 Year<br>20 - Negotiated Terms<br>50 - Not publicly known<br>60 - Undefined<br>70 - None specified in ToU |
| Terms of Use | Privacy Policy | What kind of privacy policies are applied for disclosure and managing of customer data that the cloud service provider gathers? | 10 - Does not collect PII<br>20 - Collects data and does not share with 3rd party<br>30 - Shares only on subpoena or applicable laws<br>30 - Negotiated Terms<br>40 - Collects and shares with 3rd party on customer's consent and on subpoena or applicable laws<br>40 - Undefined<br>50 - Collects and shares with 3rd party and on subpoena or applicable laws<br>50 - Collects and shares with 3rd party on customer's consent<br>70 - Not publicly known<br>90 - Collects and shares with 3rd party |
| Terms of Use | Service Adherence to Copyright Controls | What are the copyright controls adhered to by the cloud service provider? | 20 - DMCA<br>40 - Others<br>60 - Not publicly known<br>70 - Undefined |
| Export / Import | Service in USTR List | Is the cloud service provider listed in the U.S. Trade Representative (USTR) notorious markets list? | 10 - No<br>50 - Not publicly known<br>60 - Yes |
| Terms of Use | Penalty on SLA | Does the SLA define penalties when the service provider does not meet the agreed service levels? | 10 - Percentage of contract<br>30 - Capped to amount of contract<br>50 - Undefined<br>60 - Capped to a fixed amount<br>80 - None specified in SLA |