Y12 — Contract & Legal Pack
Asset: Y12 | Workstream:
[GTM]| Ownership:[SO]| Owners: Sagar · Nidhi Status: skeletons drafted — NOT legal advice | Human prerequisite: qualified counsel review before any use.Purpose: The paper a compliance firm must have airtight: MSA, master SOW, DPA, mutual NDA, and a client cloud-access authorization (least-privilege, time-boxed — modeling the same Identity > Secrets posture SnowOps sells).
⚠️ THESE ARE SKELETONS, NOT EXECUTABLE CONTRACTS
The files here are structural outlines + key-clause checklists to brief counsel — not legal advice and not ready to sign. A compliance/platform-eng firm contracting with regulated clients must have these drafted/reviewed by a qualified lawyer in the relevant jurisdiction(s) (India + the client's). Do not send any of these to a client until counsel has produced the executable versions.
Files
| File | What it covers | Counsel priority |
|---|---|---|
| msa-skeleton.md | Master Services Agreement — the umbrella terms. | High |
| sow-skeleton.md | Master SOW structure (per-engagement schedule). | High |
| dpa-skeleton.md | Data Processing Agreement — Azure sub-processor, data residency. | Highest (regulated clients) |
| mutual-nda-skeleton.md | Mutual NDA for pre-engagement (incl. the Discovery Audit). | High |
| cloud-access-authorization.md | Client authorization for SnowOps's least-privilege, time-boxed tenant access. | High (and the most SnowOps-specific) |
Where each fits the funnel
| Funnel stage (Y0) | Paper |
|---|---|
| Before Discovery Audit | mutual NDA + cloud-access authorization (read-only) |
| Close | MSA + SOW |
| Any data processing | DPA |
| Delivery (deploy SP) | cloud-access authorization (expanded to the B2 deploy scope) |
Consistency requirement (the SnowOps differentiator)
The cloud-access authorization must reference read-only / PIM-scoped, time-boxed grants consistent with G0 (audit SP) and the B-series (B2 deploy SP) — SnowOps's contracts should model the same posture it sells (Identity > Secrets, least privilege). The DPA must cover the Azure sub-processor relationship + data-residency. Nidhi + counsel verify.