
Terms of Service

OVERVIEW

The terms of service are legal agreements that set out the responsibilities and key terms that protect you against liability and support effective information security, privacy and cyber resilience. There are three main ways the terms of service can be agreed with your customers and users:

1. Online / published terms of service;

2. Marketplace or reseller agreements; and/or

3. Individual contracts (MSA / Engagement Letter)

Multiple forms may be used, and potentially also combined with a Statement of Work (SoW). The SoW sets out the commercials and other practical details, which can be kept separate from the legal agreements for simplicity.

 

EXAMPLE AUDIT EVIDENCE

1. Online / published terms of service

You can find examples of this for pretty much any mainstream SaaS, PaaS or IaaS provider by searching the company name + 'terms of service'. These terms of service are usually published on the website. Here's an AWS example.

2. Marketplace or reseller agreements

You might have channel distribution partners or sell your product or services through a marketplace like AWS Marketplace. Similar to a published terms of service, there may be an end-user licence agreement linked with the generic key terms. Here's a Cloud One Conformity example. The difference from a published terms of service is that these terms are aligned to a specific distribution channel.

3. Individual contracts (MSA / Engagement Letter)

The important difference from the first two ways of agreeing the terms of service is that individual contracts vary for each customer. This may be required when dealing with large enterprises in particular, or where the terms are more complicated or confidential than what can be generically published. Here's an Example Contract.