With the increase in cloud computing, SaaS has become a widely adopted model for procuring software that would otherwise require investment in hardware, hosting and development. There are a number of important considerations for the customer buying access to the software when entering into a SaaS agreement.
Focus on results
It can be tempting to view SaaS as just a licence to use the supplier’s software with an agreement for the supplier to host the software on their servers. However it is more helpful to focus on the service the software provides rather than the technical specification of the software. Much of the code and the development work stays on the supplier side with the customer just accessing the software, it is therefore much better to focus the specification on measurable results (i.e. to deliver a certain output within a certain timeframe).
Supplier financial stability
Assess the supplier’s likely ability to deliver the software over its expected lifespan. Typically the customer does not obtain a licence to operate the software independently of the supplier’s servers which means if the supplier fails, access to the software stops. Also assess the supplier’s dependence on sub contractors to deliver and the financial stability of those subcontractors, for example third party hosting.
What happens if it all goes wrong? Assess the supplier's own disaster recovery/business continuity arrangements. Ideally they would have a plan to recover all data within a specific timeframe. As part of this assessment, consider your dependence on the supplier and the services and what you would do if access was withdrawn in part or in full.
How easy can you switch to an alternative supplier?
How easy or difficult is it (and hence the time and resources required) to switch to an alternative supplier? Ideally the contract should include termination provisions on notice and obligations on the supplier to transfer data to a replacement supplier within a specific timeframe.
Compliance with GDPR requirements
The customer will almost certainly be the data controller for the purpose of personal data stored on the SaaS supplier’s servers which could be anywhere in the world, including on subcontractor’s server. This inevitably means that personal data processed by the SaaS product is within the customer’s responsibility but outside of its direct control. This makes it vital to assess the entire chain of responsibility to ensure you know where that data could end up. While there should be suitable warranties by the supplier to comply with GDPR in the SaaS contract, this alone is not enough and the customer really needs to make its own investigation.
These are of course just a few of the specific matters relevant to SaaS contracts. All the usual concerns when negotiation IT contracts around duration, termination, limitations of liability, exclusions and intellectual property rights will also apply.
If you require any advice regarding any matter similar to this, then please do not hesitate to get in touch with our experienced team of Intellectual Property Solicitors in Devon on 01392 207020.