Should SaaS suppliers include disaster recovery provisions in a SaaS agreement? If so, what provisions should be included in the SaaS agreement, and where?

Disaster Recovery

Disaster recovery sets out the processes and procedures to be followed by a SaaS supplier in the event that its SaaS software, and subsequently a SaaS customer’s data, is not accessible. The disaster usually results from a problem with the technology infrastructure on which the SaaS software is being made available, i.e. the SaaS supplier’s data centre or telecommunications provider.

Disasters

The most common disasters are:

  • power failure at the data centre;
  • physical damage at the data centre, e.g. flood or fire;
  • physical damage to SaaS customer data, i.e. loss, corruption or deletion;
  • insolvency of the data centre or third party telecommunications provider;
  • theft of hardware on which the SaaS software operates.

In any of these circumstances, the disaster usually makes the server on which the SaaS software is running unavailable to the SaaS customer. As a result, the SaaS customer will not have full access to the software, SaaS services and its data. Where a SaaS customer is operating a live website, the website will cease to function correctly, or possibly at all.

Disaster Recovery Provisions

The following disaster recovery provisions should be set out in the SLA which forms part of the SaaS agreement:

  • the right of a SaaS customer to be informed of the disaster;
  • the obligation of the SaaS supplier to keep the SaaS customer informed of steps being taken to rectify the disaster;
  • the estimated time for restoring servers and SaaS customer data;
  • the right for the SaaS customer to terminate or be given a copy of SaaS customer data in the event of a disaster;
  • details of the SaaS supplier’s testing procedures, i.e. how often its disaster recovery processes are tested.

Costs

The extent and speed of the disaster recovery offered by a SaaS supplier will depend upon the level of fees charged for the SaaS services. SaaS suppliers often include the costs of basic disaster recovery within their licence fees. In addition, or as an alternative, they may offer higher levels of disaster recovery for payment of additional fees. The faster and more individual the disaster recovery process is, the higher the fees will be.

Alternatives

If a SaaS supplier does not provide any disaster recovery services, or a SaaS customer is not satisfied with the disaster recovery offered, the SaaS customer should consider setting up its own disaster recovery procedure with a third party, particularly if a disaster would be business critical, e.g. for a SaaS customer providing online banking services.

Some companies, such as the NCC and Iron Mountain, offer third party disaster recovery services to SaaS customers directly, whereby they take over hosting of the SaaS services to ensure continuity of services for the SaaS customer.

Help

Irene Bodle is an IT lawyer specialising in SaaS, with over 14 years’ experience in dealing with SaaS, cloud computing and IT law issues. If you require assistance with any SaaS agreements, cloud computing concerns or any other IT legal issues, please contact me at:

irene.bodle@bodlelaw.com
www.bodlelaw.com
