Cloud and SaaS services are rapidly gaining traction with enterprises and SMBs -- yet IT, which is usually responsible for negotiating contracts with these service providers, may fall short in critical areas of contract negotiation and legal skills. The stakes are high. In a worst case scenario, you can simply realize that you made a mistake, and that you must get out of a contract. In less dire cases, you can find yourself relying on a vendor that doesn't execute to your business SLAs as your internal staff would. The best way to set expectations is by laying them out clearly in the contract that you sign with your vendor. This provides a platform for ongoing discussions about service levels.
[ RELATED: How to get out of a contract with your cloud provider</a> | FREE DOWNLOAD: 10 things to check before moving to the cloud | BOOK GIVEAWAY: The Economics of Cloud Computing: An Overview For Decision Makers ]
Large enterprises have their own legal departments, but most SMBs don't. SMBs (and even enterprises) are also very likely to either 1) not have a complete file of all of their contracts; or 2) not read all of their contracts end-to-end. A good practice is to audit your contract file for your SaaS and cloud providers to ensure that it is complete. If it isn't, and you find you have to ask your vendors for copies of these contracts, do it. In every case, be sure to read the fine print of each contract. This is where terms and conditions and also termination, and penalty clauses are buried.
It's also in the fine print where companies typically have disputes with vendors. The law frequently refers to contracts with an abundance of fine print as potential "contracts of adhesion." A contract of adhesion means that the vendor, which originally drafted the contract, likely drafted it to favor its own position. If you are the party entering into a contract that you have not completely read, you risk subjecting your company to a disadvantageous situation. Even if you're very comfortable reading, and negotiating the entire contract with your vendor, always consult an attorney before signing to ensure you haven't overlooked anything. An hour of attorney time for review and consultation is well worth the effort and the expense, especially if you later find yourself in an unhappy relationship with your vendor.
Here is a list of common, but very important "fine print" issues that companies miss when they don't read contracts closely:
Termination, opt-out and automatic renewal clauses: If they're not in the contract, present your own. If they are in the contract, make sure that you are comfortable with them and if you're not, modify them. Whatever you do, make sure that termination clauses are fair for your company and that you have the flexibility to leave a contract if you have to.
Penalties for non-payment: These generally come into play when there is termination, and most vendors do this fairly. The vendor requires you to give a certain number of days notice (30, 60, 90) to pay for that period. However, some vendors will try to charge for the "expectancy" of the contract. In other words, if the contract is for five years, and you want to get out after two years, they try to make you pay for the full five years, which you will not be using. If you have a vendor with terms like this, and the vendor will not modify them, it's best to find another vendor.
Intellectual property rights: If you are moving any proprietary company work (like custom-built applications, or data) to a cloud or SaaS vendor, be sure that your creative and intellectual property rights in this information remain yours, and that the vendor cannot use or share them with others.
Security warranties: You need the assurance from the vendor that your applications, and data are both private and secure. If a breach of either occurs, the vendor should be prepared to indemnify you for any losses you suffer (including lawsuits). This should be stated in your contract.
Product and performance warranties: The vendor should have mean time to repair and also system uptime and system support uptime guarantees in the contract. If these are missing, add them.
Vendor sharing of your information with third parties: Most vendors either tell you that they will, or will not share your data with third parties. If they have a clause pertaining to this, make sure that you agree with it. If you don't agree, write your own modification.
Procedures for disagreements and arbitration: Most contracts contain these. What you want to look for is the venue (i.e., location) for disputes and arbitration. Vendors tend to list the state of their home office as the place where arbitration or court actions occur. This can be costly if you are in California but your vendor is in Boston. The simplest thing to do is to change the state of venue for legal disagreements to your own home state. Most vendors are comfortable with this, but you are the one who has to bring it up.
Be sure to cover what's NOT in the contract
Another common oversight of companies is failure to consider what is NOT in the contract with their cloud or SaaS provider.
One area many companies miss is SLAs. "We don't provide our clients with SLAs, although we have our own internal SLAs," acknowledged one SaaS vendor recently. The same vendor estimated that probably 90 percent of SaaS providers don't give published sets of SLAs to their clients.
However, if you are a cloud or SaaS client, SLAs should be part of the contract with your vendor, because SLAs are warranties of performance. If you don't see SLAs specifically addressed in the contract the vendor presents to you, you should insist that SLAs be added, and these SLAs should reflect what you expect of vendor performance. SLAs can be written into an addendum that is attached and integrated into the contact. Along with this, you should write in an expectation that SLAs and SLA performance are reviewed quarterly (or minimally, bi-annually) with the vendor, with the opportunity to amend them based upon changing business conditions and mutual agreement between you and your vendor.
You should also write in provisions that address the account representative or project manager that your vendor assigns to you. Vendors want to put the right foot forward when they begin a relationship with a new client, so they tend to put strong performers in charge of their new installations. However, once a client is "onboard," it frequently gets assigned a new project manager who is not as effective as the original manager. Your cloud or SaaS project manager is the daily communications link from the vendor to your staff, and can make or break the success of a new service. Companies that are proactive in their contract negotiations write into contracts that they have the right to interview and accept any new project managers from the vendor.
Finally, terms of entry into a service such as time period, price, parties to the contract, are usually clearly identified, but exit strategies (i,e, termination clauses and conditions) often are not. No one likes to dwell on contract exits when they are contemplating entries into a service, but it is vital to understand the ground rules for both entries and exits before you sign anything. This precludes major headaches if you ever have to exit from a contract.
Contract negotiation is an opportunity to engage your cloud or SaaS vendor in a thorough discussion of the level of service, and support you expect for your company. It has also traditionally been under-emphasized as an important skill set in IT. But as more companies adopt cloud and SaaS solutions, knowing your way around contracts and contract negotiations is critical. The contract is a pivotal reference point for your ongoing relationship with your vendor. It is the information source that both parties go to when responsibilities become unclear, or when there are problems with project coordination or execution.
This article, "How to negotiate a contract with a cloud or SaaS provider," was originally published at ITworld. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.