I: Not What You Think
II: IT’S MY DATA
III: More Precisely, IT’S ALL OF MY DATA
IV: How To Select A Vendor NOT Likely To Screw You Over

i.e. The MOST Important Clause in Your (Procure) Tech (SaaS) Contract (Part IV)

We know what you’re thinking.

After reading your three-part exposé (group) on the most important clause in your (Procure) Tech (SaaS) contract, I’m pretty sure I’m going to be screwed to some extent on a significant number of my SaaS contracts. How can I minimize the chances of this happening?

Do your diligence and limit your pool to vendors with the right vendor profile.

This means you have to go beyond a deep analysis of:

• the product, and does it do what you need
• the platform, and will it support growth
• the services capability, and can they implement and integrate the system without resorting to third parties
• the consulting/training capability, and can they provide basic help when you need it

which is where most people stop. And then you have to go beyond Legal and Risk Management’s staples of

• legal status
• financial stability
• legal jeopardy
• brand sentiment

because that’s not enough either! All that does is tell you the likelihood of being screwed over today, it does nothing to tell you the likelihood of being screwed in the next 6 months, 18 months, or 3 (to 5) years, which will be typical contract duration for a SaaS app of moderate complexity and significant importance.

So how do you figure that out? Well, there’s no golden rule or single predictor guaranteed to always work, as anything can happen to the best and worst of companies over time, but there is one highly correlated factor to SaaS company success you need to compute because, when it’s low, chances of crisis (that lead to your company getting screwed) are high.

What is that factor?

Relative Corporate Debt^*

In a (PE/VC/etc.) investor funded company, where msi = “months since investment”, this is defined as:

1.4^^{((60-msi)/12)} * revenue
————————————
investment valuation
In a private company, this is defined as:

annual revenue
———————
annual operating cost 

If this is less than 1, you’re taking a risk!

In the second case, for a private company that isn’t yet profitable, unless you can plot a trend line over the past year and a half on a quarterly basis that sees the vendor reaching profitability within a year and a half, you’re taking a big risk as loans and founder savings tend to only take a company so far. (And if the ratio is greater than 1, the company is stable and has a good chance of staying that way if it has a solid solution that improves annually.)

In the first case of an investor funded company, you need to understand that a provider that just raised 7, 10, 15X its current annual revenue is not a guaranteed winner. In fact, it’s not even guaranteed to be stable in the long term! One needs to remember that most investors expect a return within 5 years, and many of the bigger firms will expect a return within 3 years (and will slash operating expenses, i.e. headcount, to get it, especially if they bought it to flip it to a bigger investor down the line). This means that the investors who invested amounts at these ridiculous valuations are hoping it’s the next unicorn and expecting exponential growth.

But exponential growth is very hard to obtain!

First of all, exponential growth either requires creating a whole new market, which takes time, or displacing a lot of established competitors, which also takes time … especially if the majority of customers are still locked into those competitors for years. In the first case, it also requires businesses creating whole new budgets and then taking money away from other functions, which takes time. Plus, in both cases, it requires the company to create a broad and deep platform capable of displacing mature providers who might have spent a decade or more on their products, and that also takes time. Just like 9 women cannot have a baby in 1 month, there is a limit as to how fast even the best teams can create broad and deep software that is better than the last generation, scalable, secure, and reliable. (Given that [almost] half [or more] of AI code has been found to contain [significant] security flaws in multiple studies, AI code is not going to accelerate development as much as the AI players want you to believe. Sometimes it slows things down!)

Moreover, even once the market is ready (as a result of existing contracts expiring, millions of dollars spent on marketing to normalize the new player, millions more on development that might be enough to displace customers where the existing solution was bloatware), there is not only the resistance to change to overcome, but the reality that a provider can only take on so many customers so fast and support them adequately.

Despite what the investors want to believe, and what the C-Suite might promise, most back-office installs aren’t just “flipping a switch” and require a lot of time and effort by the provider to load data, integrate with the key back-end systems, configure the systems to the client’s needs, train the client’s personnel, monitor the system and usage during the first few months to make sure everything goes according to plan, etc. That means a provider can only handle so many new customers a month. Moreover, you can’t just add people at will to handle support needs because those support people will need to be trained and that will also require time from existing personnel, which will then have less time to support the clients.

The harsh reality is that, in IT and SaaS, most companies CANNOT grow at more than 40% year-over-year and maintain aggressive platform growth and leading customer support. Any growth beyond that leads to development slowdowns, significant interruptions (to complete failures) in customer support, and other missteps.

Doing the MATH, this means that a company can’t realistically grow more than 5X in 5 years without making some sacrifices along the way, which, in IT/SaaS, typically means SACRIFICING YOU! And that’s what the formula captures! Realistic growth expectations against current revenue and whether it will hit investor expectations in time!

So this means that if the provider accepts funding at a valuation that is significantly more than 5X, their chances of meeting the investor expectations are not good (unless, of course, they significantly raise prices on the renewal, which will also screw you), and that means your chances of great support will steadily decrease as time goes on and your chances of being one of the customers that eventually gets screwed (even if there was no ill intent or false promises when they signed you) increases.

Moreover, if the provider accepts funding at a valuation of more than 7X, their chances of meeting the investor expectations are really (really) bad. If they can more-or-less double functionality and increase the average annual sale price by about 50% within a year or so, then they can make 7X, but beyond that, there’s usually no way to make the math work in a manner that can be expected to satisfy the investors!

So do the math first. If the investment multiple is too high, or the company too far from profitability, it doesn’t matter how good it, or the solution, looks. If you want stability in your purchase, you need to walk away. If the situation changes in a couple of years, there’s no reason you can’t look at them again if the provider you go with ends up not doing everything you wanted. After all, if you ensured the contract had the IT’S MY DATA clause, and tested it rather promptly after implementation, nothing stops you from switching.

And this clearly demonstrates yet again why the IT’S MY DATA clause is the most important clause and any vendor who can’t, or won’t, guarantee full access to all of your data all of the time is not one you should go with.

Furthermore, and this is the kicker, chances are good that any vendor who is confident not only in their solution but in their ability to keep improving their solution will happily guarantee this. And who’d you rather? A vendor that feels the need to lock you in to a proprietary solution that holds your data hostage in order to keep you as a customer or a vendor that is so confident you’ll stay with their solution after mastering it that they give you the access codes to their competitor’s suite? I know who I’d rather!

^* (which is not the same as relative debt in estate law by the way!)

In Part I we told you that

• while you might think there is no single most important clause as there are a lot of important clauses, especially if you ask around,
• liability or penalty clauses are quite important, or that
• termination matters

the reality is that

• there is a most important clause, and it’s not what you think,
• liability is worthless if collecting costs more than you get, and
• you can’t terminate if you don’t have another choice!

We also told you that, after signing the contract, there is a good chance you will be screwed to some extent, whether or not the provider intends it. Between:

• psychopathic salespeople who will promise anything to sign the deal (and off to their next job before the reckoning comes),
• investor owners that are going to limit/cut support when unreachable sales targets are not hit, forcing the C-Suite to pick and choose who to screw over,
• the fact that your vendor will likely be acquired (because if it’s not, it’s likely to go out of business since there are almost 10 times the number of vendors we need in ProcureTech), and
• the fact that a struggling vendor with the best of intentions will take on too much and be forced to leave some customers high and dry

the chances are, like it or NOT, that you are going to be screwed. (And possibly doomed and entombed by the proprietary software using proprietary data formats that you probably shouldn’t have bought.)

This means there is one clause that overrules them all:

IT’S MY DATA … AND I CAN, AND WILL, GET IT ANYTIME I WANT IT!

Then we made it clear in Part II that while you might think it’s your data, you’ll think again when something happens 6 to 18 months down the road and you need to get it out. Chances are that, unless the developers give you a full database dump (in an underlying schema you have no documentation for, using encryption you have to acquire third party software for), you will be limited to exporting a few reports, and small transaction or record sets at a time. (Unless, of course, you include a clause mandating this, test it after all of your data has been imported and you have run a few events/processed a few thousand transactions to augment it, and penalty and termination clauses with damages and real teeth if this critical requirement is violated.)

But what we didn’t make clear is:

YOUR DATA IS MORE THAN JUST YOUR DATA

It’s also your configuration!

–> Who is using the software and what access rights they have.

–> What processes and workflows they are using.

–> And, most importantly, how those processes are configured!

Now, we’ll be brutally honest here and say that while you can’t expect to be able to import these settings into the next app you get for the same purpose, because every app is slightly different with slightly different configuration capabilities, workflow, etc.

It is very likely this is the only documentation you have of:

• who is allowed to use the software and what they are permitted to do
• what processes and workflows you are following
• what approval processes you are using and who is actually approving
• and so on.

In other words, it is very likely that the ONLY documentation you have on your processes and practices is in the tools you are using, and, more specifically, in the configurations. Thus it’s absolutely essential you be able to export those as well. Even though you will have to manually recreate them when you switch platforms, it is still better to have documentation on what you were doing, and who was doing it, than none at all. Plus, you can then analyze your processes and find opportunities for improvement with these records!

So make sure that when you select an app you can get your data, and we mean all of your data, at any time before you sign on the bottom line. That way, no matter what happens, you’ll never really be screwed.

In Part I we told you that

• while you might think there is no single most important clause as there are a lot of important clauses, especially if you ask around,
• liability or penalty clauses are quite important, or that
• termination matters

the reality is that

• there is a most important clause, and it’s not what you think,
• liability is worthless if collecting costs more than you get, and
• you can’t terminate if you don’t have another choice!

But this isn’t the worst of it! The worst of it is that, after signing the contract, there is a good chance you will be screwed to some extent, whether or not the provider intends it. Between:

• psychopathic salespeople who will promise anything to sign the deal (and off to their next job before the reckoning comes),
• investor owners that are going to limit/cut support when unreachable sales targets are not hit, forcing the C-Suite to pick and choose who to screw over,
• the fact that your vendor will likely be acquired (because if it’s not, it’s likely to go out of business), and
• a struggling vendor with the best of intentions will take on too much and be forced to leave some customers high and dry

the chances are that you are going to be screwed.

This means there is one clause that overrules them all:

IT’S MY DATA … AND I CAN, AND WILL, GET IT ANYTIME I WANT IT!

You might think it’s your data, and you might think you can get it anytime you want it as there will be clauses around data protection, privacy, security, etc. as well as acknowledgements that you own your data, it will be kept separate from competitors, and the provider will not use it except to serve you, which may include using limited anonymized portions of it in community data.

And you might think you can get your data anytime you want it because they will guarantee up time, allow you to export transactions and reports, and so on.

But ask yourself this. Of the hundreds (and possibly beyond a thousand) of SaaS applications your organization currently uses, and has used throughout your career there, how many could you, self-serve, do a complete export of all of your data on-demand? And by all of your data, I mean all of your data. Not just reports or summaries or core record subsets. When sourcing, all suppliers and all related 360-data — all risk scores, compliance certificates, performance KPIs, related transactions, related bids, related events, product catalogues, tooling data, etc. In Procurement, all documents related to a transaction — not just the invoice but the purchase order, acknowledgement, goods receipt, credit note, etc.

When we say all of your data, we mean ALL of your data. Chances are, you can’t get it self-serve from your SaaS Application. You might not even be able to get all of your data with help from the the provider’s services personnel. For some applications, the only chance is if the developer does a, relatively undocumented, database export. And good luck with that!

This means three things.

1. If the provider says that have no way for you to get all of your data at any time, you should not consider them.
2. You must have a clause that:
   • allows you to export all of your data self-serve at any time (although it’s reasonable for the provider to charge a fee if we’re talking many GBs or TBs and you decide to export all of it on a regular basis, but you should be able to do this, depending on the data velocity and volume, at least once a quarter, month, or week, for free) in a standardized format; in addition, you must also include a modified
   • penalty clause with a significant penalty if you cannot do so by whatever date the baseline implementation is supposed to be completed; a (modified)
   • termination clause if the provider is unable to correct this by a certain time, and a (modified)
   • liability clause for the damages incurred as you will have to find another solution and will have lost time and money on implementing the providers solution.
3. You must test the ability as soon as the initial import of all of your data is complete, and again in a few weeks once you create a whole lot of new data in the system (updated profiles, end-to-end sourcing events, thousands of new transactions with associated documents, etc.). We realize this will take a lot of time, but much less than trying to figure out what to do six to eighteen months down the road when the vendor fails (you) and you’re left high and dry.

That way, if the provider

• fails to complete the implementation and required integrations in a reasonable time (and you’re unable to adopt the system),
• sells you something they don’t have and may not have within the timeframe of the initial agreement,
• gets acquired by a larger vendor with no intent to support the solution longer than they feel it will take for their forced migration to a higher-priced solution you don’t want, or
• serves you a notice that it is winding down operations

you can keep going. As long as you can export all of your data in a standard, documented, format, you know that there are a dozen (if not dozens of) providers who will happily convert it to to their format (for free) for your business. Just be sure they will also agree to the same IT’S MY DATA … AND I CAN, AND WILL, GET IT ANYTIME I WANT IT! before selecting them!

The reality of the situation is that there is no unique capability in business data processing that can’t be, and isn’t, more-or-less replicated by dozens of other solutions. Sure they have different UIs, add or subtract process steps, and use different data storage formats, but universal business processes are universal, there are dozens of ways to do them, and get around the software patents supposedly protecting them (which should be banned in the US, as they are in the EU). The next solution might not be as custom fit as the one you are forced to abandon, but it will work (as long as you have unhindered access to 100% of your data). That’s the point.

As long as you can always get your data, you’re never completely screwed. (And once you’ve switched, if the losses are still significant, then, if the C-Suite wants to pursue, you can let the lawyers have their day. You won’t be held ransom by a vendor holding your data hostage.)