IT Services Contract Review – Check List

Reading through IT services contracts can be a complex and time consuming process.

IT services contracts types include:

  • SaaS – Software as a Service
  • PaaS – Platform as a Service
  • IaaS – Infrastructure as a Service
  • MSP – Managed Service Provider
  • Maintenance Support Drawdown

If you’re not in the position of hiring legal counsel to consult to your business, here are some of the high level areas you need to consider below for services contracts.

  1. Acronyms – make sure that if there are any acronyms in the agreement that they are covered off in a glossary of terms
  2. Legal Entity – both yours and theirs – make sure they are correct, ABN’s, company addresses etc.
  3. Data Ownership – This is critical. The value of your business could hinge on where your data is sovereigned and how your data is potentially used.
  4. Data Exit – if for whatever reason you decide the service is no good for you and you decide to cancel your obligation, make sure you can get the data OUT of the system at little to zero cost. Lots of vendors note a data retrieval/exit fee.
  5. Data Entry – if your system has requirement for large amounts of data to be imported e.g. email archival tool, make sure the ingest costs are reasonable – or better still, waived.
  6. Data Use – with any environment where you create data or control data, you should have a clear understanding how the service itself uses your data and whether it is onsold, commercialised or monetised beyond your own use. Anonymising the data is the minimum you should be seeking.
  7. Data Anonymity – at all times, your data shouldn’t be able to be abstracted and identified back to end people. It should be encrypted and specific details like credit card numbers and sensitive information obfuscated. This is where an understanding of security models is handy.
  8. Security – any undertaking to secure your content is good. The more the better. Again, an understanding of the types of security on any system and where they apply, how they work is highly useful.
  9. Backup – check that the data and your developed intellectual property e.g. customisations to the service/platform are backed up.
  10. Contract Term – 12, 24, 36 months? Longer? Be sure you’re happy with the term
  11. Notification – Often there is a clause in a contract indicating you need to give in writing notification for Renewal of Contracts, and if you fail to do so, the contract is automatically reinstated for the original Contract Term. As an example, I’ve recently come across a contract that was a 36 month term with a notification period of 12 months. This mean that if you didn’t notify the business at the 24 month point (12 months before contract end) of your intentions to move away from the service, it automatically reinstated to the original contract term – another 36 months. Strike a clause like this out as soon as you spot it. Replace it with a 30 days notice to terminate and make sure that they as a service provider are signed up to as long as you negotiate e.g. 3 to 6 months is handy. The rationale for the longer tail is that the service providers capacity to deliver the service is limited by your ability to use the service in a meaningful way. You however have no insight to the service providers planning and product development, so if they gave you only 30 days notice that they were going to change the service, switch it off or massively hike the price, you have no visibilty to incorporate such changes into your own business planning and forecasting.
  12. Support/Help – Make sure that what ever support/help/documentation you were seeking during negotiations or the sale process is captured by the head contract.
  13. Jurisdiction – State, Territory, Country of presiding law needs to be examined. Make sure you’re happy and can deal with with the one cited if things go pear shaped.
  14. Maintenance? The general standard is 20% of the buy price of the original software/service. What does it include? Patches? Support? Engineering access for fixes? Feature development?
  15. Termination – be on the look out for penalty clauses, severance fees, data deletion/retention triggers.

Where the contract covers off multiple products/services in an attempt to create a “one size fits all” approach to the negotiation ensure that the product YOU are actually signed up for is explicitly stated in the schedules OR the other products cited are struck out of the head contract.