Colleagues from Europe asked to include these articles in the contract for the provision of cloud services.
When the law on the storage of personal data in Russia came into force, we foreign customers who had a local division here began to knock en masse. These are large companies, and they needed a service operator in our country.
At that time, my business English was not the best, but there was a feeling that no one from cloud technical specialists could speak English at all. Because our position as a big well-known company, plus my basic English in answering questions, was clearly a cut above other offers on the market. It was later that competition between Russian cloud providers appeared, but in 2014 there was simply no choice. 10 out of 10 customers who applied chose us.
And around this point, clients started asking us to prepare some very strange documents. That we do not pollute nature and will despise anyone who pollutes. The fact that we are not corrupt officials and will not shake hands with corrupt officials. The fact that our business is stable, and we give a tooth that in five years we will not go anywhere from the market.
First Features
Then we sent letters to everyone about the technical advantages of the cloud and infrastructure, but it turned out that few people needed it. It was important for everyone whether we are a big company, whether our operation processes in data centers are built (and how well they are built), who is next to large customers, whether we have world certificates. Even if the customer did not need even close PCI DSS, looking at the fact that we have one, they nodded graciously. The second lesson is that you need to collect pieces of paper and awards, they mean a lot in the USA and a little less in Europe (but they are still quoted much higher than ours).
Then there was a deal with one very large client through an intermediary integrator. At that time, I still didnβt know how to sell correctly, I just pulled up business etiquette in English, not understanding how important it is to arrange all services in one package. In general, we did everything not to sell. And they did everything to buy. And in the end, after the next beer gatherings with their director, he took and brought a lawyer, he says: here are some small formalities on the part of the end client. We joked about the weather, he says: there will be a couple of small edits, let's make a deal.
I gave our standard contract. The lawyer brought three more lawyers. And then we looked at the contract and felt like juniors at the time of a serious review of a year of work. Approval took four months of work of their legal department. In the first iteration, they sent out seven huge PDFs with text in curves without the ability to edit at least something. Instead of our five-page contract. I timidly asked: but not in an editable format? They're like, "Well, here are the Word files, try it. Maybe you can even do it." Each edit is exactly three weeks. Apparently, this is the limit of their SLA, and they conveyed the message to us that it is better not to do this.
Then they asked us for an anti-corruption document. Then in the Russian Federation it was already customary in the banking sector, but not here. Written and signed. Surprisingly, at that time the company had such a document in English, but not yet in Russian. Then they signed the NDA according to their form. Since then, almost every new customer has brought a non-disclosure agreement in its own form, we already have about 30 variations of them.
Then they sent a request for "sustainability of business development." We tried for a long time to understand what it is and how to compose it, we worked according to samples.
Then there was an ethical code (you canβt cut out children as a result of the work of a business, offend disabled people in a data center, and so on).
Ecology, that we are for a green planet. We called up within the company, clarified with each other whether we are for a green planet. It turned out to be green. This is economically justified, especially in terms of diesel fuel consumption in the data center. More especially places of possible harm to the environment were not found.
This introduced several important new processes (we have followed them ever since):
- It should be possible to regularly measure or calculate the energy consumption of hardware or services and send reports.
- For site-installed hardware, a list of hazardous substances should be completed and regularly updated when hardware is changed or upgraded. This list should be sent to the customer for approval prior to any modifications, upgrades, or installation.
- All hardware at any site under the contract must comply with the requirements of the European Union Directive 2011/65/EU on the restriction of hazardous substances (RoHS) in IT products.
- All worn or replaced hardware under the contract must be recycled by professional companies capable of ensuring environmentally friendly recycling and/or disposal of such materials. In the European Union, this means complying with Directive 2012/18/EU on the disposal of waste electrical and electronic equipment.
- Email waste from hardware at all stages of the supply chain must comply with the Basel Convention on the Control of Transboundary Movements of Hazardous Wastes and Their Disposal (see para. ).
- The redesigned hardware at the sites must support traceability. Processing reports should be provided to the customer upon request.
The quality of services (SLA) and the procedure for interaction (protocols, technical requirements) have already been signed as usual. There was a security document nearby: colleagues wanted to roll out patches and update antivirus databases and the like in 30 days, for example. Documented procedures for forensics and other things are shown to the customer. All incident reports are sent to the customer. ISO on information security passed.
Later
The era of the developed cloud market has come. I learned English and was able to speak it fluently, learned the etiquette of business negotiations in detail, learned to understand the hints of foreign customers. At least a part. We had a package of documents that no one could find fault with. We have redesigned the processes to suit everyone (and this proved to be a very important lesson during the PCI DSS and Tier III UI Operational certifications).
When working with foreign clients, we often do not see people at all. Not a single meeting. Just correspondence. But there was a customer who forced us to attend weekly meetings. It looked like a video call with me and 10 colleagues from India. They were discussing something among themselves, and I watched. For eight weeks they did not even connect to our infrastructure. Then I stopped communicating. They didn't connect. Then the meetings were held with a smaller number of participants. Then the calls began to be made without me and colleagues from India, that is, they took place in silence and without people.
Another customer asked us for an escalation matrix. I added an engineer: they say, first - to him, then - to me, then - to the head of the department. And they had 15 contacts for different issues, and each with three levels of escalation. It was a little embarrassing.
A year later, another customer sent in a security questionnaire. There are only 400 tricky questions, fill it out. And questions about everything: about how the code is developed, how the support works, how we hire staff, which ones we fire. This is hell. They saw that certificate 27001 would suit them instead of this questionnaire. It was easier to get it.
The French arrived in 2018. At some point, we are talking on Tuesday, and on Wednesday there is a World Cup match in Yekaterinburg. We discuss the issue for 45 minutes. Everything was discussed and decided. And Iβm like this at the end: why are you sitting in Paris? Yours here will win the tournament, and you are sitting. They got hooked. There was a total convergence. Then they just broke emotionally. They say: get us a ticket to the field, and tomorrow they will arrive in the magical city of Iekaterinberg. I didnβt get them a ticket, but for another 25 minutes we chatted about football. Then all communication went no longer according to SLA, that is, everything was according to the contract, but I directly felt how they speed up the processes and do everything for us first of all. When the French provider was on fire for the project, they called me every day, it did not break them off. Although there are rumors that they are very formally gathering meetings.
Then, on other communications, I began to track what works the same way. Many do not worry about how to get out and from where: it's us - from the office. And they can either bark a dog, or run away soup in the kitchen, or a child will crawl a cable to gnaw. Sometimes someone will simply disappear from an encounter screaming. Sometimes you hang out with a stranger. If you don't know what to say, you need to talk about the weather. Almost everyone is happy with our snow. Some say they've already seen him once. The conversation about snowy Moscow has become smalltalk: it does not affect the deal, but it reduces communication. After him, they start talking less formally, which is cool.
In Europe, they treat mail differently. If you go somewhere, they do not answer. If you are on vacation until yesterday, you may not watch for a month, then: βOld man, I just got back, Iβm raking it.β And it will be gone for two more days. Germans, French, Spaniards, British - if you see an auto-reply, you always wait, no matter what the end of the world happens.
And the last feature. The difference between their security guards and ours is that it is important for ours that all requirements are formally met, and they are dominated by processes, that is, they pay attention to best practices. And we always have to ironically show that all points are perfectly observed. One Frenchman even came to get acquainted with the processes and documents of the data center: we said that we could show the politicians only in the office. He arrived with an interpreter. We brought a bunch of policies on paper in folders in Russian. A Frenchman with a lawyer-translator sat looking at documents in Russian. He took out his phone, selectively checked whether he was given what he was asking for, or Anna Karenina. Probably already encountered.
references
- My mail - [email protected]
Source: habr.com