> This is a legal commitment to provide 100% uptime. They are guaranteeing 100% uptime
I don't think you know what a guarantee is.
For example when you buy a new car you get a guarantee that it won't break down. Are they claiming it won't break down? No, of course not. What a guarantee means is that they'll fix it or compensate you if it does.
>Nobody wants to live in a world where we have to second guess what the intent is behind everything a company promises and are only able to hold them to that.
How is this not the world we already live in?
Every agreement, obligation, promise, or contract I've read from my major tech 'partners' professionally and personally has had a clause that they can change it at any time with no prior notification.
What are the liabilities on them for failing to meet their SLA? Taking thing seriously is not a liability. Specifically in this case, what are their liability to you?
Because it won't happen otherwise. The evidence is easily seen in the current state of these markets. If a company wanted to do this voluntarily, they already would have.
>How exactly do conditions like this work in practice?
They take the money and bet on not enough people trying to sue and the terms being ironclad enough if they do that they get away with it in general even if they have to pay out a few times.
But you can put various things in place. E.g. limited access, (external) audits, etc. Such things are entirely standard and expected for any big company.
Saying "cannot guarantee" is too much nitpicking. Such needs (limit the access, etc) happens all the time. Say you want to takeover another (competitor) company. During that process you'll need to figure out a lot of information. However, you're competitors and you aren't allowed to do that. The common solution is to "ring fence" that team. Such "ring fencing" is a normal occurrence.
Similarly, you can also educate what is allowed and what not on a regular basis.
The company I work for has annual repeating courses for various basis things. Meaning, GDPR, competition law, fraud, etc. They're highly annoying and enough people try to ignore the course and go straight to the questions. It'll be difficult to pass if you didn't do it. Not doing those course will get you an email
After doing all that you'll still have enough cases where people were found to have committed fraud, etc. But that's entirely different than 'cannot guarantee'.
I know you went into things I said above. However, immediately saying "cannot guarantee" is too much of a technical answer. Yeah, there might be cases. But your whole response is a lot of proactive things. You also need to check after the fact, plus do more than just a policy. There is more than enough possible. Further, the question that was asked is entirely normal.
I think someone's simply looking at the first-order consequences and calling the analysis done, rather than taking into account the sort of company that enacting the policy will result in.
What guarantee do you have that these policies will never change in the future? Or are you simply assuming that risks never change?
reply