In Part I we told you that

• while you might think there is no single most important clause as there are a lot of important clauses, especially if you ask around,
• liability or penalty clauses are quite important, or that
• termination matters

the reality is that

• there is a most important clause, and it’s not what you think,
• liability is worthless if collecting costs more than you get, and
• you can’t terminate if you don’t have another choice!

But this isn’t the worst of it! The worst of it is that, after signing the contract, there is a good chance you will be screwed to some extent, whether or not the provider intends it. Between:

• psychopathic salespeople who will promise anything to sign the deal (and off to their next job before the reckoning comes),
• investor owners that are going to limit/cut support when unreachable sales targets are not hit, forcing the C-Suite to pick and choose who to screw over,
• the fact that your vendor will likely be acquired (because if it’s not, it’s likely to go out of business), and
• a struggling vendor with the best of intentions will take on too much and be forced to leave some customers high and dry

the chances are that you are going to be screwed.

This means there is one clause that overrules them all:

IT’S MY DATA … AND I CAN, AND WILL, GET IT ANYTIME I WANT IT!

You might think it’s your data, and you might think you can get it anytime you want it as there will be clauses around data protection, privacy, security, etc. as well as acknowledgements that you own your data, it will be kept separate from competitors, and the provider will not use it except to serve you, which may include using limited anonymized portions of it in community data.

And you might think you can get your data anytime you want it because they will guarantee up time, allow you to export transactions and reports, and so on.

But ask yourself this. Of the hundreds (and possibly beyond a thousand) of SaaS applications your organization currently uses, and has used throughout your career there, how many could you, self-serve, do a complete export of all of your data on-demand? And by all of your data, I mean all of your data. Not just reports or summaries or core record subsets. When sourcing, all suppliers and all related 360-data — all risk scores, compliance certificates, performance KPIs, related transactions, related bids, related events, product catalogues, tooling data, etc. In Procurement, all documents related to a transaction — not just the invoice but the purchase order, acknowledgement, goods receipt, credit note, etc.

When we say all of your data, we mean ALL of your data. Chances are, you can’t get it self-serve from your SaaS Application. You might not even be able to get all of your data with help from the the provider’s services personnel. For some applications, the only chance is if the developer does a, relatively undocumented, database export. And good luck with that!

This means three things.

1. If the provider says that have no way for you to get all of your data at any time, you should not consider them.
2. You must have a clause that:
   • allows you to export all of your data self-serve at any time (although it’s reasonable for the provider to charge a fee if we’re talking many GBs or TBs and you decide to export all of it on a regular basis, but you should be able to do this, depending on the data velocity and volume, at least once a quarter, month, or week, for free) in a standardized format; in addition, you must also include a modified
   • penalty clause with a significant penalty if you cannot do so by whatever date the baseline implementation is supposed to be completed; a (modified)
   • termination clause if the provider is unable to correct this by a certain time, and a (modified)
   • liability clause for the damages incurred as you will have to find another solution and will have lost time and money on implementing the providers solution.
3. You must test the ability as soon as the initial import of all of your data is complete, and again in a few weeks once you create a whole lot of new data in the system (updated profiles, end-to-end sourcing events, thousands of new transactions with associated documents, etc.). We realize this will take a lot of time, but much less than trying to figure out what to do six to eighteen months down the road when the vendor fails (you) and you’re left high and dry.

That way, if the provider

• fails to complete the implementation and required integrations in a reasonable time (and you’re unable to adopt the system),
• sells you something they don’t have and may not have within the timeframe of the initial agreement,
• gets acquired by a larger vendor with no intent to support the solution longer than they feel it will take for their forced migration to a higher-priced solution you don’t want, or
• serves you a notice that it is winding down operations

you can keep going. As long as you can export all of your data in a standard, documented, format, you know that there are a dozen (if not dozens of) providers who will happily convert it to to their format (for free) for your business. Just be sure they will also agree to the same IT’S MY DATA … AND I CAN, AND WILL, GET IT ANYTIME I WANT IT! before selecting them!

The reality of the situation is that there is no unique capability in business data processing that can’t be, and isn’t, more-or-less replicated by dozens of other solutions. Sure they have different UIs, add or subtract process steps, and use different data storage formats, but universal business processes are universal, there are dozens of ways to do them, and get around the software patents supposedly protecting them (which should be banned in the US, as they are in the EU). The next solution might not be as custom fit as the one you are forced to abandon, but it will work (as long as you have unhindered access to 100% of your data). That’s the point.

As long as you can always get your data, you’re never completely screwed. (And once you’ve switched, if the losses are still significant, then, if the C-Suite wants to pursue, you can let the lawyers have their day. You won’t be held ransom by a vendor holding your data hostage.)