SLA is the common abbreviation used for a service level agreement. When providing SaaS services to customers you need to include a SLA in your SaaS agreement, either as part of the main terms of your SaaS agreement or in a specific SLA schedule. A SLA should set out the following support and maintenance services that you will provide to customers to ensure that the SaaS software is made properly available to them.
Continue readingYear: 2013
SaaS Agreements – Data Protection – FISA Customer Concerns
SaaS suppliers who use US public cloud providers to store, process or host their SaaS customer’s data as part of their SaaS services may now experience customers raising concerns about the risk of disclosure to, and monitoring of, their data by the US government under the Foreign Intelligence Amendments Act (FISA).
Continue readingSaaS Agreements – Terms and Conditions – The Bribery Act 2010
If your are a SaaS supplier or SaaS customer you should be aware of the provisions of the Bribery Act when negotiating the terms of a SaaS agreement. The Bribery Act 2010 (“Act”) has been in force since July 2011. It aims to distinguish between hospitality (which is permitted) and bribes which are illegal. A breach of the Act can result in an unlimited fine and a maximum prison sentence of 10 years.
Continue readingSaaS Agreements – Data Protection – Cyber Security Issues
SaaS Customers are increasingly raising questions about the security provisions that SaaS suppliers include in their SaaS agreements and insisting on including onerous rights of audit to monitor and check compliance. Under the UK’s Data Protection Act (DPA) SaaS customers (data controllers) are required to take appropriate technical and organisational measures to prevent the:
unauthorised or unlawful processing of personal data; and
accidental loss, destruction or damage to personal data.
In order to comply with these duties and avoid substantial fines SaaS customers need to ensure that SaaS suppliers have adequate security measures in place to prevent data protection breaches from occurring.
Continue readingSaaS Agreements – FAQs – What is SaaS?
SaaS is the abbreviation for “software as a service”. You may know this under another name, for example ASP services (application service provider), software on demand or software subscription. These names all refer to the same thing – software being made available via the Internet to users.
What is a SaaS Agreement?
A SaaS agreement is simply the name used for the agreement between a SaaS supplier and a SaaS customer which sets out the terms under which SaaS software may be accessed. This will usually include a service level agreement (SLA).
Continue readingSaaS Agreements – FAQs – Transferring Data Outside the EEA
When negotiating a SaaS agreement with SaaS customers you will often need to transfer customer data outside of the EEA (European Economic Area). This could be at the request of your customer or more usually because you have a sub-contractor such as a data centre located outside of the EEA. SaaS suppliers should be aware of the following in order to comply with their duties under the Data Protection Act.
Continue readingSaaS Agreements – Terms and Conditions – Need for an Arbitration Clause
SaaS customers and suppliers entering into business to business (BTB) contracts are increasingly using arbitration clauses in their SaaS agreements to avoid going to court to resolve disputes. If you do not already have an arbitration clause in your SaaS agreement it is worth considering adding one for the following reasons.
Continue readingSaaS Agreements – Data Protection – Changes to BCRs
The Article 29 Working Party, which represents the European data protection authorities (DPAs), recently announced that data processors (i.e. SaaS suppliers) can now use binding corporate rules (BCRs) to transfer personal data outside the European Economic Area (EEA). Previously the use of BCRs was limited to data controllers (i.e. SaaS customers).
Continue readingSaaS Agreements – Data Protection – Recent ICO Fines
The Information Commissioner’s Office (ICO) has started to issue very high fines to a number of companies and individuals, not just for serious breaches of the Data Protection Act (DPA), but also for breaches of the Privacy and Electronic Communications Regulations (PECR). Below is a summary of the recent fines and the reasons for them being imposed.
Continue readingSaaS Agreements – Terms and Conditions – Limitation of Liability
The terms of a SaaS agreement should always include a clause limiting the SaaS supplier’s liability to the customer. The specific details of the liability clause will depend upon the type of SaaS software being supplied, the value of the SaaS agreement and what is usual in the business sector in which the parties operate.
The following issues should be covered by the limitation of liability clause in most SaaS agreements.