Establishes governance requirements for organizations purchasing commitment-based cloud discounts including Reserved Instances, Savings Plans, Committed Use Discounts, and equivalent constructs. The standard defines approval processes, utilization thresholds, coverage targets, and review cadences to ensure commitments deliver expected financial value. Non-compliance represents a significant financial risk, as poorly managed commitments can result in wasted spend exceeding millions of dollars annually.
Rationale
Commitment-based discounts are the highest-leverage and highest-risk financial instrument available in cloud procurement. The absence of formal governance leads to systematic waste, misaligned commitments, and missed savings opportunities across entire cloud portfolios.
Scope
Applies to all cloud commitment purchases including AWS Reserved Instances, AWS Savings Plans, Azure Reserved VM Instances, Azure Savings Plans, GCP Committed Use Discounts, and equivalent constructs from other cloud providers. Applies to all business units and teams within the organization that make or influence commitment purchasing decisions.
Requirements
10 requirements - MUST indicates mandatory; SHOULD indicates recommended.
All CBD purchases MUST be pre-approved through the formal commitment governance process before purchase.
Tier 1 commitments MUST require approval from the FinOps Director and CFO or equivalent financial authority.
Tier 2 commitments MUST require approval from the FinOps Director or Cloud Procurement Lead.
Pre-purchase analysis MUST include a coverage rate assessment, breakeven calculation, and workload stability assessment.
CBD utilization MUST be monitored at minimum weekly, with automated alerts triggered when utilization falls below 85%.
A CBD portfolio review MUST be conducted quarterly, with results reported to financial leadership.
Commitment coverage targets MUST be defined for each workload category; recommended targets are 70–80% for stable baseline workloads.
Organizations MUST maintain an inventory of all active commitments with expiration dates, utilization rates, and ownership assignments.
Commitments approaching expiration (within 90 days) MUST trigger a renewal analysis.
Exception requests for CBD purchases that fall outside policy parameters MUST be documented and approved by the FinOps Director.
Full Description
Commitment-based discounts (CBDs) represent one of the most powerful levers for reducing cloud costs, typically delivering 30–60% savings compared to on-demand pricing. However, they also introduce financial risk: commitments that are underutilized, poorly sized, or misaligned with workload patterns become sunk costs with no recovery path.
IFO4-S-003 defines the governance controls required to ensure that CBD purchases are well-justified, appropriately sized, actively monitored, and systematically reviewed. The standard draws on observed practices from high-maturity FinOps organizations and defines minimum requirements for both the purchase decision process and ongoing operational management.
The standard distinguishes between three CBD risk tiers based on commitment term and dollar value: Tier 1 (high risk: multi-year, $500K+), Tier 2 (medium risk: one-year, $100K–$499K), and Tier 3 (standard: one-year, under $100K). Each tier carries different approval requirements and review frequencies.
Version 1.0.0 is the initial publication of this standard. Subsequent versions will address emerging CBD constructs such as capacity reservations, third-party marketplace commitments, and AI inference commitments.