Covid-19 Update: We are continuing to provide our usual services whilst maintaining the safety of clients and colleagues. Read our latest update here.

Complete the form below to ask us a question or make an enquiry. We’ll get back to you via phone or email as soon as possible.

Insights

Essential guidance for negotiating software as a service (SaaS) contracts

Posted on 21st February 2020 in Intellectual Property

Posted by

Jill Headford

Partner and Solicitor
Essential guidance for negotiating software as a service (SaaS) contracts

With the increase in cloud computing, SaaS has become a widely adopted model for procuring software that would otherwise require investment in hardware, hosting and development. There are a number of important considerations for the customer buying access to the software when entering into a SaaS agreement.

Focus on results

It can be tempting to view SaaS as just a licence to use the supplier’s software with an agreement for the supplier to host the software on their servers. However it is more helpful to focus on the service the software provides rather than the technical specification of the software. Much of the code and the development work stays on the supplier side with the customer just accessing the software, it is therefore much better to focus the specification on measurable results (i.e. to deliver a certain output within a certain timeframe).

Supplier financial stability

Assess the supplier’s likely ability to deliver the software over its expected lifespan. Typically the customer does not obtain a licence to operate the software independently of the supplier’s servers which means if the supplier fails, access to the software stops. Also assess the supplier’s dependence on sub contractors to deliver and the financial stability of those subcontractors, for example third party hosting.

Disaster recovery

What happens if it all goes wrong? Assess the supplier's own disaster recovery/business continuity arrangements. Ideally they would have a plan to recover all data within a specific timeframe. As part of this assessment, consider your dependence on the supplier and the services and what you would do if access was withdrawn in part or in full.

How easy can you switch to an alternative supplier?

How easy or difficult is it (and hence the time and resources required) to switch to an alternative supplier? Ideally the contract should include termination provisions on notice and obligations on the supplier to transfer data to a replacement supplier within a specific timeframe.

Compliance with GDPR requirements

The customer will almost certainly be the data controller for the purpose of personal data stored on the SaaS supplier’s servers which could be anywhere in the world, including on subcontractor’s server. This inevitably means that personal data processed by the SaaS product is within the customer’s responsibility but outside of its direct control. This makes it vital to assess the entire chain of responsibility to ensure you know where that data could end up. While there should be suitable warranties by the supplier to comply with GDPR in the SaaS contract, this alone is not enough and the customer really needs to make its own investigation.
These are of course just a few of the specific matters relevant to SaaS contracts. All the usual concerns when negotiation IT contracts around duration, termination, limitations of liability, exclusions and intellectual property rights will also apply.

If you require any advice regarding any matter similar to this, then please do not hesitate to get in touch with our experienced team of Intellectual Property Solicitors in Devon on 01392 207020.

Company & Industry

Related Insights

Insights

Supreme Court delivers judgment on whether iPhone users entitled to compensation

Posted on 12th November 2021 in Intellectual Property

In a very clear judgment handed down on 10 November 2021, the Supreme Court has confirmed that, in order to claim compensation from an organisation which has breached its requirements as a data controller under the Data Protection Act 1998 (“the Act”), an individual must prove that the failure has caused material damage or distress to the individual concerned.

Posted by

Oliver Kent

Trainee Solicitor
Insights

Homeworking and the importance of cybersecurity

Posted on 25th March 2021 in Intellectual Property, Coronavirus Pandemic

Having staff working remotely has presented significant challenges for many businesses, but one of the most difficult to address is the increased cybersecurity risk. As many companies did not have sufficient opportunity to prepare for the transition to homeworking, they may not have identified potential cybersecurity issues. Moreover, it is now much harder to monitor staff and ensure they are following safe practices.

Posted by

Jill Headford

Partner and Solicitor