When providing SaaS services you must specify in your SaaS agreement who is responsible for the backup/loss of customer data. The extent of your backup duties should be included in the service level agreement (SLA) and these will be dependent on a number of factors set out below.
Backup Process
You should set out details about the nature of the backups and the data media being used, for example:
- will the backup be made to tape or disk or using some other media
- how often will the backup media be changed/rotated/updated
- how often will backups be made e.g. hourly/daily/monthly
- will incremental backups be made
Security
In view of customer concerns over data security it is essential that you provide details of where and how the backup media will be stored, for example:
- will this be at a physically separate location
- will a provider other than the hosting centre be used
- what security is in place at the storage location
- who has access to the facility
- is emergency power available
Disaster Recovery
This should be considered as an add-on extra, to cover the eventuality that the hosting centre (where the SaaS software and data backups are created) becomes unusable. The disaster recovery centre should be physically remote from your hosting centre to avoid a double hit! Other points to consider are:
- carefully define what a “disaster” is
- set out expected data recovery times
- test your disaster recovery procedure at least once a year
Commercial Considerations
The exact nature and extent of any data backup (and related disaster recovery) services that you offer to SaaS customers will depend on:
- how much the customer pays for the SaaS solution, maintenance and support
- whether or not service credits are offered for breaches of error fix times
- whether the SaaS application is business critical e.g. online banking
- what is standard in that particular business area
Exclusions
Ensure that errors or problems caused by something beyond your control are excluded from your obligations e.g. loss of data caused by the customer’s failure to use the specified browser, hardware, virus checking programmes etc.
Help
Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years’ experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:
irene.bodle@bodlelaw.com
www.bodlelaw.com