9 Best Practices for the SaaS Agreement
This article is part of the Action Cyber Times™ Series on Agreements for Information Technology and Transactions.
A SaaS (Software as a Service) agreement is a services agreement, not a software license, under which third-party vendors provide their particular proprietary software functionality from a remote server to a client via a data connection. As with most commercial agreements, one size does not fit all, and they may be tailored to the specific needs of the client.
However, if the vendor requires installing a small software program on the client hardware as a gateway to access its system, then that software would normally require a license for the client. As a practical matter, it is best to cover each bundle under separate contracts (or at least separate clauses or addenda), since the installed gateway software has a greater potential to be changed, or become redundant, in the future.
Clauses / Conditions / Covenants
Services to be Provided
This covers the initial introduction of the client to the vendor’s system, the access the client is provided, and the upload of the client data for processing by the specific functionality of the vendor software.
Statement of Work
The SOW should include specific directions that the service provider follows, including services required, database maintenance, performance markers, applicable standards, quantifiers, usage, metrics, analytics, security measures, backups, data access if there is a failure, etc., that define the scope of the services to the buyer.
Consumers and Users
The provision of consumer technologies, such as social and mobile, in the software to service the needs of suppliers, consumers and others.
Migration and Training
These services are to be provided by the vendor to the client, including their requirements and timelines.
Parallel Testing Period
If it is a large-scale deployment, then it is advisable to retain the legacy system and select only a small group to initiate the transition with the vendor.
Service to be Maintained
Because no vendor software is (usually) physically loaded onto the client hardware, there is no need for a software maintenance covenant; maintenance is part of the vendor's provision of the software. Rather, the agreement should state specific time periods for vendor system availability, minimum performance standards, time periods to remediate problems, application of penalties, etc.
Data Security and Reliability
The vendor must make certain promises to the client about its data protection protocols to minimize risk since the client’s data is in the possession of the vendor (even if the vendor leases server use from yet another party).
Pricing
Determine the model used for pricing and the incremental charges, and ensure there is flexibility in scaling, whether up or down.
Exit
Include an exit clause and the data format to be used when the data must be restored to your hardware.
Commentary by Attorney Timothy F. Mills, Editor / Action Cyber Times™ © 2019 All Rights Reserved.
Action Cyber Times™ provides resources for cybersecurity, data privacy, compliance, breach reporting and risk management, intellectual property theft, and the utilization of emerging technologies such as artificial intelligence, machine learning, blockchain DLT, advances in cryptographic applications, and more.
Disclaimer: The content available on the web site and in the blog posts is for informational purposes only and is not intended to, and does not, provide legal advice. Contact and retain an appropriate professional for legal advice. Use of this content or any of the links contained within the site does not create an attorney-client relationship. The opinions expressed are the opinions of the author.