This article sets out a few things that you should look for when reviewing software as a service (SaaS) terms.
Technology has helped a dislocated workforce carry on through lockdown. SaaS products have assisted in business resilience by letting us work together without being in the same physical space. SaaS has helped us maintain a presence and develop rapport while preventing isolation and detachment. SaaS also has the benefit of being flexible as new products can be adopted without IT teams having to get their hands on devices.
Despite the practical advantages of rolling out a SaaS product, care should still be taken over the legalities. Obviously, you will not always be able to negotiate the terms on which SaaS is provided. For example, you will not be able to amend your Zoom or Teams terms which will only be provided on as ‘as is’ basis.
Force majeure clauses
The drafting of the (now very topical) ‘force majeure’ clause is important. This is because the term force majeure has no defined meaning in our legal system. It is created entirely by the contractual terms. In a SaaS context, this clause will generally excuse a supplier’s non-performance due to circumstances beyond its control. Most sensible suppliers will include ‘Pandemic’ and ‘actions by Government bodies’ but it is important to carefully consider what else comes within the definition of a force majeure event.
Some suppliers will excuse their own non-performance due to a default in their own supply chain. To me, this should be resisted; this is the sort of risk that should properly sit with the supplier. You should also check what happens to your obligations during the supplier’s period of non-performance due to force majeure. Are you still required to pay when your supplier fails to deliver on its end?
On the whole, force majeure clauses benefit suppliers. This is because, as a customer, your main obligation will be to pay. Although a pandemic may significantly impact on your financial position, it will not relieve you of your payment obligations. Given the likelihood of a second spike, or a re-emergence of the first wave, it may also be worth considering whether you need to put in place a right to suspend or terminate the contract in this scenario. It is better to sort it out now rather than rely on goodwill later.
Supplier resilience and service
You should consider how resilient your supplier is, both in terms of how they have handled COVID-19 and from an organisational perspective. It would be sensible to consider credit checks or utilise a smart assistant like Brisk. You should look into your supplier’s cyber security profile, particularly if the supplier is storing your data, and question how they use open source software, given the propensity to contain high-risk vulnerabilities. You should investigate whether the supplier has robust disaster recovery plans. Although this will often be flushed out in the due diligence stage, it is often the case that they are not included in the contractual terms.
If you are using the SaaS product across group companies, you will also need to ensure that you are authorised to do so and that your group companies are entitled to benefit from the SaaS product. Without this, the supplier will not be responsible for loss suffered from group companies even where it fails to meet its obligations.
You also need to consider the service levels. Some suppliers commit to guaranteed availability, while others offer something less concrete, such as using commercially reasonable endeavours to provide the services. Consider how availability is measured: uptime of 99% during business hours is good but 99% availability measured over a month, including evenings, nights and weekends, may not be fit for purpose. You will also need to check what availability carve outs are in place for scheduled and unscheduled maintenance.
To get tailored advice on your SaaS contracts, speak to our Technology team for more information.
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at July 2020.