SaaS Contract Checklist: Everything You Need to Know
A SaaS contract checklist can help you ensure you hit all the important topics and sections that should be addressed in your SaaS contract agreement.
Updated November 4, 2020:
A SaaS contract checklist can help you ensure you hit all the important topics and sections that should be addressed in your SaaS contract agreement. SaaS contracts deal with software delivery that is not downloaded or installed locally. It's managed from a central location, and customers access the software via the Internet.
In these types of contracts, the availability of the software and performance monitoring are critical. Therefore, SaaS agreements, or contracts, need to include a service-level guarantee. Stipulations on service levels need to spell out the minimum acceptable performance levels. They should include details such as uptime, response time, customer satisfaction, and more. If you don't include minimum performance guarantees, the value of SaaS for your business is diminished.
Information and Data Security
One of the most important sections to address in your SaaS contract relates to data security provisions:
- Add a requirement that the vendor must comply with the client's data security procedures.
- Include warranties that address data security, alteration, and loss.
- Give the client the right to conduct audits and security evaluations on a periodic basis.
- Create a disaster plan that includes business continuity steps, along with the vendor's related obligations.
- Properly draft a force majeure clause.
- Include very detailed statements regarding data ownership and return procedures.
- Address the vendor's obligation to perform backups and how often they should happen.
- Explore what the vendor requires regarding data restoration.
Handling Financial Liability in Case of a Data Breach
SaaS vendors need to be prepared for a data breach and take proper steps to mitigate the risk of one:
- Make sure your personnel are appropriately trained.
- Utilize proper security-related technology — multiple firewalls, encryption, an intrusion detection system, etc.
SaaS vendors need to have third-party reviews done and to certify that their security measures are more than adequate. SaaS customers will likely try to hold the vendor completely responsible, and therefore liable, for damages such as:
- Data loss
- Unintended disclosure
Availability of SaaS Applications
Customers have a reasonable expectation that a SaaS application will work to the same degree as if it were installed in the customer's physical location and on on-site computers. If a crucial SaaS application is not working and is unavailable, the customer's business has the potential to be significantly impaired.
It's not unrealistic for customers to ask the vendor to make the SaaS application accessible and available round the clock, 365 days a year, and 99.5 percent of the time. This is where many vendors now utilize SLAs, or service level agreements, because there is a growing demand for them. Customers need to be understanding and patient during scheduled maintenance outages, which are done during nonpeak hours. There will also be events that are beyond the vendor's control, such as internet and power outages, and equipment failures.
Important Factors in SaaS Agreements
If you need to integrate a SaaS application with another system, either a cloud-based or on-site one, it can become more complex. It's good practice to budget for potential integration expenses, which may be anywhere from 10 to 30 percent, and in rare cases, as high as 50 percent of the initial cost for purchase and implementation. Some vendors don't want you to do this, as their go-to sales strategy may be just to close the deal and do an add-on after.
If this SaaS application is vital to your business, ensure you have a mechanism in place for protecting your business in case the SaaS vendor undergoes a serious event that renders it unable to provide service, such as:
- Massive failure of service
- Lawsuit and pending injunction
How will you secure business continuity if your SaaS provider is sold or changes hands? What are your rights to terminate your agreement?
Include outsourcing suppliers and technology partners you may need. A number of companies outsource their support to a third-party IT supplier. There are instances where an outsourced technology partner requires access to all products that interact with the central portfolio of information technology services, so it can proceed with proper troubleshooting.
Virus protection is another point to address in your SaaS contract. The agreement should contain clear language on how virus protection software is utilized and what happens if there is a virus. Ensure the SaaS vendor agrees to utilize proper virus-protection software and solutions. Also, make sure the provider attempts to prevent any risks in both the SaaS software as well as the customer's information technology environment.