When the Open Cloud Manifesto was unveiled recently by IBM et al., I wrote "The (Cloud) Bastards say, Welcome".
And I invited several cloud pioneers who have been at it - delivering cloud-based products and services or helping evaluate and nurture them for several years - to discuss the manifesto and what they have learned in Cloud Computing over the last few years.
This time I invited the doctor to discuss his view on SaaS contracts.
“I may not be a lawyer, but I am an experienced technologist who has been building and architecting "on-demand" solutions since before most people knew what they were, starting with web-based e-commerce solutions back in 1997. In addition to the extensive knowledge of SaaS architectures and solutions that I gained through my R&D career, I have also become quite familiar with IT contracts through my operational, and more recently, consulting roles.
This has allowed me to identify the issues that need to be addressed in SaaS contracts in addition to the standard issues of term, fees, liability, representations, warranties, confidentiality, insurance, indemnity, rights, relationship, dispute resolution, publicity, and governing law that your lawyer will remind you of.
So without further ado, here are my Tips.
- Forego the Escrow, You Want 24x7 Data Availability
As per my last post on Software Acquisition Tips, you don't have a dedicated software development team and even if you do, it's going to take them a long time to wrap their heads around millions of lines of unfamiliar code. What you need is the ability to get a complete data extract in a neutral format (XML, CSV, etc.). That way you can always obtain a competitive solution, load your data, and keep on truckin'.
- Insist on Minimum Security Requirements
Most vendors have dedicated development teams that know more about IT security than your internal support team, but you could be on the hook for data breaches if their security is inefficient. Make sure that database encryption, data transmission only over accepted protocols, and adequate physical security at the data center are part of the contract.
- Pay By the Drink
Make sure you only pay for the number of user accounts that are active in a month and that you have the ability to add and remove user accounts at any time.
- Guaranteed Availability and Up-Time
SaaS promises 24/7 and you need the system to be available when your users need it. Make sure the system has a guaranteed availability of 99.999% during your normal business hours, 99.5% the rest of the time, and that scheduled maintenance only occurs during agreed-upon time windows.
- Guaranteed Response Time
There's no perfect software system and something will inevitably go wrong with your on-demand solution just like something inevitably went wrong with your on-premise system. Make sure that the provider agrees to start investigating all outages immediately during normal operating hours for your business and within 30 to 60 minutes otherwise.
- Continued Support for Your Approved Environment
Many providers will want to take the "your systems, your network, your problem" approach. That being said, if they advertise their system to work with Firefox 3 and Firefox 3.0.7 is part of your standard environment, ensure that they will continue to support that environment for a reasonable amount of time AND give you a minimum of 90 days' notice if they plan to stop supporting that environment.
- They are Responsible for Their Service Providers
Many providers will want to get liberal with the Force Majeure clause and insist they are not responsible for any supplier outages, including internet and power, which could take down their systems and your application. Insist that they are responsible for your service and that even if one or more of their suppliers brings their system down, they are still responsible for getting your systems back on-line on (remote) unaffected servers within a set time window.
- Included and Excluded Support Services are Clearly Defined
Furthermore, fees for additional or supplementary support services are clearly defined up-front. The last thing you want is a 2,000 / day bill for three days of "consulting services" that you thought were covered under your support agreement.
If you follow these tips, you're well on your way to getting the right SaaS contract for you.
P.S. This guest-post draws from a two-part series on SaaS Contractual Considerations that originally ran on Sourcing Innovation. You can find the originals here: Part I and Part II.”