From customer relationship management systems like Salesforce.com to online document storage systems like Google Drive, it is becoming increasingly common for software to be offered and utlilized in Software-as-a-Service (or SaaS) arrangements, a form of cloud computing.
In these arrangements, software applications are hosted remotely by the vendor and made available to customers online, typically via the Internet. While these arrangements may offer attractive alternatives, prospective customers need to be aware of the associated risks and what to look for in SaaS contracts.
This need is perhaps even greater when the dollar value of the deal is low and customers may be presented with a “take it or leave it” choice of either simply accepting a given vendor’s offered terms (often presented in online “click-through” agreements) or finding an alternative vendor rather than negotiating terms.
One important area of concern is the “service levels,” or minimum required levels of performance, the vendor is willing to commit to.
For example, in a SaaS model, there usually needs to be a service level regarding “availability” — the minimum percentage of time that vendor commits to make the software application available for use by customers.
Customers should review service level agreements closely and understand exactly what commitments are being made by the vendor.
In reviewing availability service levels, customers need to analyze not just the required availability percentage but also how frequently the vendor’s performance in comparison with the service level is assessed (e.g., monthly vs. quarterly).
Also evaluate the hours or time periods to which the service level applies and whether the vendor automatically monitors and reports on availability or the customer must report every outage.
Be sure to review what remedies (e.g., credits to the customer or termination rights) are available if the availability percentage isn’t met, whether those remedies are automatically invoked or must be requested by the customer and in what circumstances the vendor is excused from not performing in accordance with the service level.
Other service levels that may be important in SaaS arrangements concern problem response and resolution — the time periods to which the vendor commits with respect to responding to the customer and commencing work on reported incidents or issues and in resolving those incidents or issues.
Depending upon how critical the software application is to the customer, the hours during which these service levels apply and during which support will be provided by the vendor may also be quite important.
If customer data are being stored at the vendor’s site, prospective customers need to consider the vendor’s commitments regarding data rights, backups and disaster recovery.
If personal or individually identifiable information — including individual’s names, addresses and credit card numbers — are being stored by the vendor, concerns become even greater as the customer’s potential liability and reputation damage that could result from a security breach could be quite high.
While SaaS arrangements may offer significant benefits, organizations should carefully assess the risks and remedies when considering them. When in doubt, consult with an information technology attorney to ensure the terms of your SaaS agreements meet the needs of your company.
Milton L. Petersen is an attorney whose practice focuses on information technology-related transactions and issues. He is a partner in the Information Technology Practice Group at the law firm of with HunterMaclean in Savannah and can be reached at 912-238-2629 or firstname.lastname@example.org.