SaaS Vendor Contracts: Issues to Consider During a Negotiation
Many in-house lawyers and professionals are increasingly encountering Software as a Service (“SaaS”) vendor contracts now that cloud computing business models are becoming more popular. In addition to the usual contract provisions, below are some specific issues that in-house attorneys should consider when negotiating SaaS vendor contracts.
- Service Level Agreements (“SLAs“). SaaS agreements increasingly include SLAs. Consider asking for SLAs if your contract does not include them. An SLA often contains guarantees by the vendor about service availability along with a clear explanation of the maintenance windows. A failure to meet the guarantees may trigger a credit or refund to the client. Also, consider adding a termination right for certain vendor performance failures.
- Privacy and Data Security. It is a good idea to ask the SaaS vendor about its data breach, disaster recovery, backup, and termination of services procedures. It may also be useful to delineate the vendor's and client’s responsibilities with respect to protecting data and notification requirements if a data breach occurs. It may also be helpful to have a clear statement about data ownership and provide that all data must be returned at the conclusion of the contract.
- Payment.The payment section is often a subject of disagreement between the parties. While invoice procedures and the method of payment do not tend to be controversial, the level of services provided for the subscription price may not be clearly defined. For example, consider asking whether integration, training, and support are included with the subscription. Also, it is worth asking which commonly-requested features are excluded from the subscription price.
- Governing law and jurisdiction. Privacy and security laws and regulations vary widely by jurisdiction and some may be more favorable than others. Therefore, explicitly stating the governing law and jurisdiction is recommended. This helps avoiding litigation in a distant location with unfamiliar or unfavorable laws.
- Indemnity and Liability. Indemnity obligations should generally be allocated to the party with the greater control over the risk being protected by the indemnity. Asking vendors to provide indemnification for intellectual property and confidentiality risks is fair game. Also, including a liability cap, set at multiple of the subscription fees paid over a reasonable period of time, is common.