Tales about foreign customers and their peculiarities of work in Russia after the law on PD

Colleagues from Europe asked to include these articles in the contract for the provision of cloud services.

When the law on the storage of personal data in Russia came into force, foreign customers, who had a local division here, began to knock on our cloud . These are large companies, and they needed a service operator in our country.

At that time, I didn’t have the best business English, but there was a feeling that nobody from the technical specialists on clouds could speak English. Because our position as a well-known company, plus my basic English, in response to questions, were clearly a bit better than other offers on the market. This then already appeared competition between Russian cloud providers, but in 2014 there was simply no choice. 10 out of 10 customers who applied to choose us.
')
And around this point, clients began to ask us to prepare very strange documents. That we do not pollute the nature and we will despise everyone who pollutes. The fact that we are not corrupt and will not give a hand to corrupt officials. The fact that our business is stable, and we give a tooth, that in five years from the market we will not go anywhere.

First features

Then we all showered letters about the technical advantages of the cloud and infrastructure, but it turned out that few people need it. It was important to all, whether we are a big company, if we have built up operational processes in data centers (and how well they are built), who are standing next to large customers, whether we have world certificates. Even if the customer did not need even close PCI DSS, looking at what we have, they nodded kindly. The second lesson is to collect pieces of paper and awards, they mean a lot in the United States and a little less in Europe (but they are still quoted much higher than ours).

Then there was a deal with one very large client through an intermediary integrator. At that time I still didn’t know how to sell correctly, I just tightened up business etiquette in English, not understanding how important it is to arrange all services in one package. In general, we did everything not to sell. And they did everything to buy. And in the end, after the next get-togethers for a beer with their director, he took and brought a lawyer, says: here are some formalities on the part of the final client. We were joking about the weather, he says: there will be a couple of small edits, give the contract.

I gave our model contract. The lawyer brought three more lawyers. And then we looked at the contract and felt like the junas at the time of a serious review of the year of work. The reconciliation took four months of operation of their legal department. In the first iteration, without looking, they sent seven huge PDFs with text in curves without the ability to edit anything. Instead of our five-page contract. I timidly asked: is it not in an editable format? They are like this: “Well, here are the Word files, try it. Maybe you can even do it. ” Each edit is exactly three weeks. Apparently, this is the limit of their SLA, and they conveyed to us a message that it is better not to do this.

Then they asked us for an anti-corruption document. Then in the Russian Federation it was already customary in the banking sector, but not here. Wrote, signed. What is surprising, then the company had such a document in English, but it was not yet in Russian. Then they signed the NDA by their form. Since then, almost every new customer has brought a non-disclosure agreement in its form, we have about 30 variations already.

Then they sent a request for "sustainability of business development." For a long time we tried to understand what it was and how to make it up, we worked on samples.

Then there was a code of ethics (as a result of the work of a business, it is impossible to cut out children, offend people with disabilities in a data center, and so on).

Ecology, that we are for the green planet. They called each other inside the company, asked each other if we were a green planet. It turned out for the green. This is economically justified, especially in terms of diesel fuel consumption in the data center. No more places of possible harm to ecology were found.

It introduced several important new processes (we have been following them since):

1. It should be possible to regularly measure or calculate the power consumption of hardware or services and send reports.
2. For the hardware installed at the sites, it is necessary to complete and regularly update the list of hazardous substances when the hardware is changed or updated. This list should be sent to the customer for approval before making any changes, upgrades or installation.
3. All hardware at any site within the contract must meet the requirements of the European Union Directive 2011/65 / EU on the restriction of the content of harmful substances (RoHS) in IT products.
4. All worn or replaced hardware under the contract must be recycled by professional companies capable of ensuring environmental safety during the recycling and / or recycling of such materials. In the European Union, this means compliance with Directive 2012/18 / EU on the disposal of waste electrical and electronic equipment.
5. Al. Waste hardware from all parts of the supply chain must comply with the Basel Convention on the Control of the Transboundary Movement of Hazardous Wastes and their Disposal (see www.basel.int ).
6. Recycled hardware at sites should support traceability. Recycling reports should be submitted to the customer upon request.

The quality of services (SLA) and the order of interaction (protocols, technical requirements) have already been signed as usual. Next was a security document: colleagues wanted to roll up patches and update anti-virus databases and the like in 30 days, for example. Documented forensic and other procedures are shown to the customer. Reports of all incidents are sent to the customer. ISO on IB passed.

Later

The era of a developed cloud market has begun. I learned English and could speak it fluently, learned the etiquette of business negotiations to the details, learned to understand the hints of foreign customers. At least part. We had a package of documents to which no one could find fault. We redesigned the processes to suit everyone (and this turned out to be a very important lesson at the time of the PCI DSS and Tier III UI Operational certifications).

Working with foreign clients, we often don’t see people at all. Not a single meeting. Just a correspondence. But there was a customer who made us attend weekly meetings. It looked like a video call with me and 10 colleagues from India. They discussed among themselves something, and I watched. For eight weeks they did not even connect to our infrastructure. Then I stopped communicating. They did not connect. Then the meetings were held with a smaller number of participants. Then calls began to be made without me and colleagues from India, that is, passed in silence and without people.

Another customer asked us for an escalation matrix. I added an engineer: they say, first to him, then to me, then to the head of the department. And they had 15 contacts for different questions, and each with three escalation steps. It was a little embarrassing.

A year later, another customer sent a security questionnaire. There are only 400 tricky questions, fill out. And questions about everything: how the code is developed, how the support works, how we hire staff, which one we fire. This is hell. We saw that the certificate 27001 will suit them instead of this questionnaire. It was easier to get it.

In 2018, the French came. We are at some point talking on Tuesday, and on Wednesday - the World Cup match in Yekaterinburg. 45 minutes discuss the issue. All discussed, decided. And I'm at the end: why are you sitting in Paris? Your tournament here will win, and you sit. They hooked. There was a total convergence. Then they just broke emotionally. They say: get us a ticket on the field, and they will arrive tomorrow in the magical city of Iekaterinberg. I didn’t get them a ticket, but for another 25 minutes we were talking about football. Then all the communication went no longer on the SLA, that is, everything was under the contract, but I directly felt how they speed up the processes and do everything first of all for us. When the French provider was on the project, they called me every day, it did not break them. Although there are rumors that they are very formally gathering meetings.

Then on other communications, I started to track that it also works. Many people do not bother how to get out and from where: it’s us - from the office. And they can either bark the dog, or run away in the kitchen soup, or the child crawls over the cable. Sometimes someone just disappears from the meeting with a scream. Sometimes you hang with a stranger. If you don't know what to say, you need to talk about the weather. Almost everyone rejoices in our snow. Some say that they have already seen it once. A conversation about snowy Moscow has become smalltalk: it does not affect the deal, but it reduces communication. After him, they begin to speak less formally, and this is cool.

In Europe, otherwise refer to the mail. If you go somewhere, do not respond. If you are on vacation until yesterday, you may not watch the month, then: “Old man, I just came back, raking”. And another two days will disappear. The Germans, the French, the Spaniards, the British - if you see an auto-answer, you always wait, no matter what the end of the world.

And the last feature. The difference between their safeguards and ours is that it is important for ours that all requirements are formally met, and their processes dominate, that is, they pay attention to the best practices. And we always have to show that all the points are perfectly observed. One Frenchman even came to get acquainted with the processes and documents of the data center: we said that we can only show politicians in the office. He arrived with a translator. We dragged a bunch of policies on paper in folders in Russian. A Frenchman with a lawyer and translator sat looking at the documents in Russian. I got the phone, selectively checked: whether they gave him what he asks, or Anna Karenina. Probably already faced.

Links

• About other cloud tales
• My mail is SZinkevich@croc.ru