Key Considerations When Contracting Cloud

The cloudA post on the website of Baker McKenzie discusses what a general counsel should consider when looking at a contract for cloud and AI services.

“As cloud-based software will continuously change, the user cannot easily prove that certain functionality used to work fine, but is no longer available or working. For this reason it makes sense to check whether the key features are (or can be) described in a document and to refer to that description in the agreement,” according to the post.

The discussion covers moving to another provider, verification that everything is in check, and spelling out the right restrictions on use of data.

Read the article.

 

 




Software as a Service (SaaS) Agreements: Who Owns What?

The Tech & Sourcing blog of Morgan Lewis takes a look at Software as a Service (SaaS) agreements — starting with the perspective of a solution that uses a dedicated service.

The authors of the article describe this scenario: “The application is provided and hosted as a dedicated instance, with common base software (sometimes with customization or variation) but running as a separate instance in a dedicated environment.”

The discuss:

  • Base software and documentation
  • Generally available modifications and enhancements
  • Code customization
  • Configurations and integrations
  • Customer and user data (including aggregated data)
  • System performance data

Read the article.

 

 

 




Contractual Considerations for Lawyers Using the Cloud

The cloudBecause law firms are such desirable targets for hackers, firms have had to find solutions for keeping the intruders at bay. They can use internal systems managed by employees of the firm, or they can go to a cloud-based solution, such as software-as-a-service (SaaS).

Writing for Above the Law, Scheef & Stone partner Tom Kulik points out that SaaS platforms can help offset the cost by offloading technical and security expertise to the SaaS provider. But the standard contract terms offered by these providers do not weigh in favor of the law firm.

In the article, Kulik discusses some points to consider when a firm is considering entering into a contract for SaaS.

Read the article.

 

 




Keep SaaS And Cloud Contracts Light On Specifics, But Heavy On Revenue Opportunities

Solution providers shouldn’t let long, tedious contracts get in the way of closing deals, advised lawyer Mark D. Grossman when he spoke at the Ingram Micro One conference.

His advise was aimed at users of SLAs, or service level agreements, for cloud-based processes.

CRN reports that Grossman said solution providers should design a “cookie-cutter” contract – one that can be used with multiple clients with little modification – to make the sales process much shorter.

Reporter Joseph F. Kovar writes that Grossman said the key to that is to keep as much of the contract as ambiguous as possible. “None of this is unethical or immoral,” he said. “Everything is agreed to … I want to help you close deals. Don’t get bogged down in legal terms.”

Read the article.

 

 




Negotiating Contracts: 12 Key Terms to Negotiate in a Software as a Service or Cloud Service Agreement

By 
Scott & Scott LLP

Software as a Service and Cloud Service offerings have become ubiquitous digital platforms for many enterprises and small businesses in their quests to provide a single unified platform to their employees and customers. Providers offering Software as a Service and Cloud Services allow end users to access software and infrastructure remotely from any location and storing data with a provider. Because of the risks associated with storing data in the cloud and the need for uninterrupted access to the data, businesses want to be sure that they understand their requirements when entering into a cloud service agreement with a provider. The following is a list of suggested requirements when negotiating Software as a Service or Cloud Service agreement (these are not in any particular order):

1. Demarcation

A demarcation point is typically defined to establish the point at which the service provider’s obligations under the contract end and the customer’s responsibilities begin. Demarcation points are often used in warranties and service level agreements to assure customers that services will be provided up to the point of demarcation. This creates a clear delineation of responsibility to calculate service level credits, and anything that occurred on the customer’s side of the demarcation point, will not be a breach of warranty or entitle the customer to service level credits.

2. Service availability

Service availability relates to the ability of a business to access the software and/or the data at all times. Businesses want to ensure that they have access to the provider’s services and the ability to retrieve and use the data stored on the provider’s systems. Service interruptions generally occur when: a server is down, the internet connection fails, provider withholding service because of a fee dispute, natural disaster at the data center, or the provider closing its doors because of bankruptcy. In any event, business should insist that provisions covering service availability and service levels are outlined in the agreement.

3. Service levels & Service Level Credits

There are two general approaches to service levels or service guarantees. One is the time it will take the service provider to respond to an incident, the other is the guaranteed availability of the systems (i.e., uptime). Service levels are typically outlined in a service level agreement (an SLA). The contract should outline what the provider will guarantee in terms of uptime or response times. If the provider fails to meet the guarantees, the contract should outline whether the end user can request a service level credit. Additionally, business should consider including a right to terminate if the provider consistently fails to meet the service guarantees.

4. Data – Ownership rights, security, backups, and conversion

Business customers must be mindful that their data is among the most important information they own, and ensuring the cloud service provider treats that data appropriately should be one of the paramount issues when negotiating a cloud service agreement. Business must ensure that they own the data, understand how the service provider can use, aggregate, or manipulate the data, and identify its requirements for the provider to protect the security and confidentiality of the data. The business should make sure that the cloud service provider agrees to a specific schedule for performing and testing backups.

5. Insurance

Good cloud contracts should always address what insurance the parties must carry. Cloud service providers should maintain insurance for instances of data loss that cause business interruptions. End users should consider first-party insurance that will cover expenses related to data loss or breach.

6. Indemnification

Indemnification requires one party to pay for defense costs and any damages awarded when a third party makes a claim against the other party. It is critical for the parties to understand when they will be required to indemnify the other party and whether the limitations of liability will apply to an indemnification claim. It is important to ensure the contract provides indemnification for data and security breaches as well as intellectual property infringement.

7. Limitation of liability

One of the most important provisions in a cloud or software agreement is the limitation of liability that applies to either party in the event of a claim or dispute between the parties. A good limitation of liability provision will balance between the potential financial losses the customer can incur and the financial risk the provider is willing to take given the revenue the project will generate. In many instances, the parties will negotiate a relatively low limitation of liability, e.g., one year of services and then carve out some claims that are less likely but can be significantly more costly. These carve-outs include: indemnification obligations, confidentiality obligations, claims covered by insurance, and infringement claims (this is not an exclusive list).

8. Warranties

Generally, cloud service contracts contain many of the following warranties: (1) that the service will materially conform to the documentation, (2) the services will be performed in a workmanlike and professional manner, (3) the provider will provide the necessary training for the customer to use the services, (4) the services will comply with federal and state law(s), (5) the provider has sufficient authority to enter into this agreement, and (6) the parties have the authority to enter into the agreement.

9. Intellectual property

The parties can often overlook intellectual property rights when negotiating a cloud service agreement, but this oversight can be costly. In instances where the provider will develop products or implement services, the parties should clearly identify who will own any intellectual property that results from the development or implementation.

10. Implementation

When the provider will perform implementation services, the parties may choose to identify those services in a Statement of Services or Statement of Work. A good statement of work will include all the services that the provider will perform and should also include any services that will be excluded.

11. Term, Termination, & Transition Services

The term of a cloud service agreement varies but can be based on a yearly subscription. Some agreements have automatic renewal provisions. Parties should clearly identify when and if the parties can terminate for convenience, whether there are cancellation penalties, whether the provider can increase service fees on a periodic basis, and whether the provider will transfer the business’ data at the end of the relationship. If there is a transfer provision, the parties should also specify the acceptable formats for data delivery.

12. Fees

When the provider calculates service fees based on the number of users or devices, the end user should have the ability to adjust the users on a periodic basis to reflect the actual number of users or devices.

Conclusion

Whether you are a service provider or an end user, cloud agreements can help you understand your rights and your obligations. While there are many new issues when a third-party is holding sensitive data in its environment, a good services agreement can minimize misunderstandings and protect each party.