Daily Archives: February 11, 2009

SaaS Contractual Considerations: Part II

Despite the claims to the contrary from the monolithic on-premise players who are threatened by the new platform and all of the advantages it has to offer, SaaS is gaining momentum. The best evidence I have to offer is the rate at which analysts and bloggers, including yours truly, are getting inquiries into how to evaluate these offerings from a functional and TCO perspective and how to construct the contract. And it’s not just buyers who want to know what needs to be in the contract to protect their investment. Providers also want to know what clauses they should be including to protect themselves.

As I am not a lawyer, I cannot claim to be an expert on contract construction of any kind, but I can claim to be very familiar with IT contracts (as someone who has always handled his own and been involved in their construction and review at a number of companies) and to have considerable knowledge with regard to issues that need to be addressed on both sides of the table. Thus, I give you the doctor’s top issues for consideration when negotiating your next SaaS contract, in addition to the standard issues of term, fees, liability, representations, warranties, confidentiality, insurance, indemnity, rights, relationship, dispute resolution, publicity, and governing law that your lawyers will remind you of in every contract drafting. Today, we’ll focus on the supplier:

For the Supplier:

  • We’re Not Responsible for Your Network
    You are responsible for your software and network, and not your client’s software and network. If your client’s ISP goes dead, not your problem. If your client’s router starts acting flaky and randomly blocking required ports, not your problem. Your support requirements cease the minute you are able to demonstrate the problem is not on your network.
  • We’re Not Responsible for Your Systems
    As a provider, you are responsible for your software and your network, not your client’s software and network. As long as you provide the client with a complete list of compatible software products and supported versions, and the client agrees to it, you’re under no obligation to support the client should they choose to use other products or upgrade to non-supported versions before you have certified that such products are compatible with your system. That is, if IT upgrades all the browsers before you certify them as compatible, and your system doesn’t work, it is not your problem, provided the client agrees in the contract to only use, and expect support on, pre-agreed browsers and supported versions thereof. Of course, in fairness, you should expect to have to support new versions, and you should agree to do so within a realistic time window.
  • We’re Only Responsible for the Security of Data in our Systems
    You’re required to follow industry standard best practices around data security and ensure that all confidential and personal information on your systems is appropriately encrypted to the level of security agreed upon in the contract. However, you’re not responsible for what your client does with that data once they extract it from your systems. If they decide to cut and paste out of a secure browser session into an unsecured notepad file on a hacked PC, you cannot control that and have no responsibility for the consequences of such action.
  • We’re Not Responsible for Disasters Beyond our Control
    You’re responsible for your software, systems, and data centers to the extent that you have control. Your Force Majeure clause says that you are not liable for damages if both of your power providers go black or if both of your internet connections get severed because of a natural disaster or other government or terrorist action beyond your control. That being said, if your providers stay dark for more than a short period of time, it’s your responsibility to transition to a backup facility or enable your client to set up a temporary instance of your application in their facility as per the terms that any reasonable buyer should be expected to insist on in the SLA.
  • Standard Rate for Services Above and Beyond our Standard Offering
    You’re responsible for support, maintenance, upgrades and other services you agree to, and that’s it. Although you are happy to go above and beyond your service requirements, make it clear that you do not do custom work for free and that any custom tasks or services will be billed at a standard hourly or daily rate on the monthly invoice. Otherwise, the buyer might say “we thought that was free” and put you in a pickle if you hired additional resources to support the buyer above and beyond the agreed-upon service levels.

Be sure to check out the Master “Software as a Service” Managed Services Agreement in the Procurement-Based Contract Templates, Version 2, that is made freely available to you by Stephen Guth of The Vendor Management Office blog.