Archive for April, 2013

SaaS Agreements – FAQs – What is a SLA?

SLA is the common abbreviation used for a service level agreement. When providing SaaS services to customers you need to include a SLA in your SaaS agreement, either as part of the main terms of your SaaS agreement or in a specific SLA schedule. A SLA should set out the following support and maintenance services that you will provide to customers to ensure that the SaaS software is made properly available to them.

Availability

The level of availability of the SaaS software should be stated in percentage terms. The basis on which availability is calculated (i.e. monthly or annually) should be included, and any exclusions from the calculation should be clearly stated.

Software Support and Maintenance

Customer support is usually provided to assist customers when problems arise with the availability or functioning of the SaaS software. Customer support provisions should include:

  • A description of the support services to be provided;
  • The times and days on which support will be provided;
  • How support will be provided i.e. online, via telephone;
  • Response and resolution times for dealing with SaaS software problems; and
  • Maintenance times for carrying out updates, repair and maintenance to your SaaS software.

Hardware Maintenance

SaaS providers use servers (hardware) usually located in a third party data centre to host their SaaS software. The provisions to be included in a SLA will be determined by the level of service that the third party data centre provides to the SaaS supplier. The data centre provisions should be reflected in the terms of your SLA but will generally include:

  • A brief description of the security provisions in place at the data centre;
  • A brief description of the technical infrastructure at the data centre;
  • Any applicable disaster recovery provisions;
  • Backups of data.

Commercial Considerations

The way in which you incorporate a SLA into your SaaS agreement and the degree of detail that you provide to SaaS customers will largely depend upon the following:

  • The type of SaaS products and services you are supplying;
  • How much the customer pays for the SaaS product and services;
  • Whether the SaaS product is business critical i.e. online banking;
  • What is standard in that particular business area; and
  • The terms of the hosting agreement with your data centre.

Summary

Due to the unique nature of a SLA you will need to seek specialist legal advice on the content of a SLA whether you are a supplier or a customer to ensure that your rights are adequately protected.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years' experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues, contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________


SaaS Agreements – Data Protection – FISA Customer Concerns

SaaS suppliers who use US public cloud providers to store, process or host their SaaS customers’ data as part of their SaaS services may now experience customers raising concerns about the risk of disclosure to, and monitoring of, their data by the US government under the Foreign Intelligence Security Act (FISA).

FISA

FISA (a US law) gives the US government the right to access and monitor the personal data of non-US citizens (who are located outside of the USA) held by US public cloud providers (i.e. Amazon or Google), without a warrant for a period of up to one year, for the purposes of acquiring foreign intelligence information. Public cloud providers must secretly provide all assistance, facilities and information requested by the government. They are not permitted to inform SaaS suppliers that they have disclosed or been asked to disclose personal data or that it is being monitored.

Breach of European Data Protection Laws

Data protection laws in the 27 countries of the EU all prohibit the disclosure of personal data without a data subject’s consent or knowledge. The provisions of the FISA conflict directly with English and EU data protection laws.

The recent amendment to this US law adds to the concerns raised by the Article 29 Working Party last year in their opinion on cloud computing and data protection. In this opinion the working party said, amongst other things, that EU businesses using cloud services (i.e. SaaS customers) must ensure that non-EU providers (i.e. SaaS suppliers) comply with EU data protection laws, and that simply relying on a US company’s safe harbor registration was not enough.

FISA is not the only Problem

SaaS customers often falsely believe that their data is “unsafe” due to the fact that SaaS suppliers use third party data centres to store and process their data. However, the risks of personal data being disclosed apply regardless of whether or not data is stored or processed in a SaaS model. Most countries, including the UK, France, Spain and Belgium, have data disclosure laws that all, not just SaaS suppliers, must comply with. For example, in the UK the Regulation of Investigatory Powers Act 2000 (RIPA) requires companies to disclose the content of communications to police forces.

Also, data stored or processed anywhere outside of the EEA, in a country which does not have equivalent protection, will be subject to all local disclosure laws, i.e. in China and India, and such local laws may be much wider than FISA.

In addition, notwithstanding FISA, under Mutual Assistance Legal Treaties (MLAT) the US authorities can access customer data when it is hosted outside of the USA and there is no company presence in the USA.

Assessing the Actual Risks

SaaS customer concerns about FISA are valid but these must be considered in light of:

  • The type of data SaaS customers are providing;
  • The likelihood of the customer data ever being monitored or requested; and
  • The fact that customer data is already subject to similar disclosure obligations to the UK government and foreign governments under other existing laws.


______________________________________________________


SaaS Agreements – Terms and Conditions – The Bribery Act 2010

If you are a SaaS supplier or SaaS customer you should be aware of the provisions of the Bribery Act when negotiating the terms of a SaaS agreement. The Bribery Act 2010 (“Act”) has been in force since July 2011. It aims to distinguish between hospitality (which is permitted) and bribes (which are illegal). A breach of the Act can result in an unlimited fine and a maximum prison sentence of 10 years.

Relevance to SaaS Customers

The Act applies directly to SaaS customers. SaaS customers will be liable under the Act for any breaches of the Act caused by their agents or subcontractors i.e. their SaaS suppliers.

In order to protect themselves against such breaches, SaaS customers are increasingly requiring SaaS providers to include anti-bribery provisions in the terms of their SaaS agreements. Such provisions are generally acceptable if they simply state that the SaaS supplier complies with the 6 principles of the Act and has adequate measures in place to ensure compliance.

Relevance to SaaS Suppliers

SaaS suppliers operating mainly in the UK with UK based customers will generally not be affected by the Act, provided that the levels of hospitality that they offer to SaaS customers are proportionate to the SaaS provider’s business, i.e. the reasonable cost of meals out, tickets and travel expenses to events. No definition of excessive hospitality is given in the Act or the guidance to it. It is therefore advisable to keep records of all hospitality entertainment and its purpose so that evidence can be provided at a later date if necessary.

Note that if you are a SaaS supplier operating outside of the UK or you have SaaS customers based in developing countries you should be particularly careful about complying with the Act, as “hospitality” which is usual or acceptable in a developing country, such as paying third parties in order to win a contract, could be considered a bribe under the Act.
