A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers



Similar documents
SaaS Due Diligence Checklist

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

Cloud Computing Contracts Top Issues for Healthcare Providers

Cloud Computing: Legal Risks and Best Practices

Contracting Guidelines with EHR Vendors

Mobile App Developer Agreements

Contracting Guidelines with EHR Vendors

Information Disclosure Reference Guide for Cloud Service Providers

Cloud Computing Contracts. October 11, 2012

Checklist for a Watertight Cloud Computing Contract

How To Protect Your Data In The Cloud

Electronic business conditions of use

Supplemental IT Solutions: More Reliable Networks Are Our Business

SAAS MADE EASY: SERVICE LEVEL AGREEMENT

15 questions to ask before signing an electronic medical record or electronic health record agreement

CLOUD COMPUTING DUE DILIGENCE A CHECKLIST FOR LAW FIRMS. Practice Better

An Introduction to the Technology and Ethics of Cloud Computing. Jack Newton Co founder and President Themis Solutions Inc. (Clio)

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Practice Resource. Cloud computing checklist. Introduction

Tactical Guideline: Minimizing Risk in Hosting Relationships

Answered Questions regarding techsafe Online Storage Rev Technology Partners

2011 Morrison & Foerster LLP All Rights Reserved mofo.com. Risk, Governance and Negotiation in the Cloud: Capture Benefits and Reduce Risks

Practice law, not IT. You can save costs while outsourcing to the US law firm technology experts!

UK Dedicated Servers Limited. Dedicated Server Terms of Service

Risk Management of Outsourced Technology Services. November 28, 2000

10 How to Accomplish SaaS

MPA Hosting Service Level Agreement

MAGICBOX WEBSUITE SERVICE LEVEL AGREEMENT (SLA)

Outsourcing Contracts Insights

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ).

Proactive. Professional. IT Support and Remote Network Monitoring.

Negotiating EHR Acquisition Contracts

Litigating in the Cloud - Security Issues for the Trial Practice

Software as a Service Decision Guide and Best Practices

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1

Top 9 Reasons. Why choose ISL Online as the enterprise remote support and remote access service?

Cloud Computing and HIPAA Privacy and Security

Website Hosting Agreement

SOFTWARE AS A SERVICE (SaaS)

Cloud Computing. What is Cloud Computing?

Data Privacy, Security, and Risk Management in the Cloud

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY.

LCM IT Asset Management

Contracting for Cloud Computing

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns

How To Make A Contract Between A Client And A Hoster

SaaS Terms & Conditions

(1) Helastel Ltd. (2) You WEBSITE HOSTING AGREEMENT

What are the benefits of Cloud Computing for Small Business?

Information security due diligence

CLOUD COMPUTING GUIDELINES FOR LAWYERS

Virtual Law Practice and the Online Delivery of Legal Services

Terms and conditions for Small Business Hosting

Applaud Solutions Technical Support Policies

Marval Software Limited. G Cloud iii Framework Service Definition

Cloud Computing: Impact on Your Library Presented by Rita Gavelis November 19, 2013

What is the Cloud and Saas? Introducing the Cloud and its Benefits

VMware vcloud Air HIPAA Matrix

How To Protect Your Data From Being Hacked

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY COMPANY.

ProjectManager.com Security White Paper

Web Hosting & Domain Name - Terms and Conditions

RL Solutions Hosting Service Level Agreement

LEGAL ISSUES IN CLOUD COMPUTING

Web Hosting Contract

What is the Role of an Application Service Provider (ASP)/Host?

Tableau Online Security in the Cloud

Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013

Cloud Computing for Small to Mid Size Businesses. Tech66, LLC William Burleson

1 ForestSafe SaaS Service details Service Description Functional Non Functional

Kroll Ontrack VMware Forum. Survey and Report

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Statement of Service Enterprise Services - AID Microsoft IIS

OpenStack Private Cloud Hosting in an Tier 3 Data Centre. G-Cloud Lot 1 IaaS

Adopting Cloud Computing with a RISK Mitigation Strategy

Making the leap to the cloud: IS my data private and secure?

Transcription:

A Checklist for Software as a Service (SaaS) Vendors and Application Service Providers This checklist is a longer version of a SaaS Checklist that appeared in the July 2009 issue of LAWPRO Magazine at page 23. It supplements the content in the Strategic Resourcing: Outsourcing and Technology opens doors to new thinking articles in that issue of the magazine. An electronic copy of the magazine is available at www.practicepro.ca/magazinearchives Under the Software as a Service or SaaS model (formerly called the application service provider or ASP model) you do not install the software you use on your own computer. Instead, you use an Internet browser to access the SaaS provider s website and you "run" the program and access your data across the web. SaaS takes many forms today, and almost all traditional law office software programs are now available in SaaS for, This includes standard office applications, such as Google Docs and Spreadsheets, time and billing or case management applications, and electronic discovery repositories and tool sets. There are several benefits to SaaS. First, you can access your data and work from anywhere in the world as long as you have an Internet connection. Second, SaaS gives you access to powerful functionality for a low monthly fee. You avoid the large upfront and ongoing maintenance costs for running network hardware and software in your own office. But there are potential drawbacks to the SaaS model your data is on a computer outside your physical control. Thus, before using a SaaS service, you should understanding how SaaS works and complete adequate due diligence on your SaaS provider. The following checklist 1 will help you determine the questions you need to have answered when investigating or negotiating with a SaaS vendor and will give you a good starting point for making good decisions about the role SaaS might play in your practice. 1 Portions of this checklist were adapted, with permission, from an Online Storage Vendor Checklist prepared in 2006 by several Practice Management Advisors, including Courtney Kennaday, Ellen Freedman, and Carol Seelig. 2009 Lawyers Professional Indemnity Company

Services and Operation What functionality does the SaaS provide? Is there a working demo you can try? How does that functionality compare to comparable software programs that would run on your own network or desktop? How do features vary under different plans? How will the SaaS application you are looking are using interact or integrate with the other software you use? Are there any limitations on who can use the SaaS? Must you use certain types or versions of browsers? Does the SaaS require installation of any plug-ins or other software to operate correctly? Is the SaaS hardware independent (important for Mac users)? Will your service be hosted on its own server? On a server you own? Are the vendor s servers in the US or elsewhere in the world? With regard to the data you will store on those servers, are there any issues under PIPEDA, The Sarbanes-Oxley or Homeland Security Acts. Pricing Do you understand the pricing structure? Are there different levels of services or different pricing plans? Based on your likely usage, is there an optimal pricing plan for you? Is there fixed pricing or are there incremental charges for storage, bandwidth or number of users? Do you understand how these incremental charges work? How confident are you that you can accurately predict what the cost will be? How can you avoid surprises if you increase bandwidth or storage costs suddenly? How often do you pay and what are payment terms?

Are you invoiced or are you expected to use a credit card? Are you billed monthly in advance or only after you use the service? Are there long-term discounts, such as paying for a year or two in advance? Is there a minimum contract period? Are there termination or other penalty fees? Are there extra charges for backup, restoring data or other services? Can I increase or decrease my service as I need to or shift to a different payment plan? Can you confirm exactly what you will be paying each month so that the first billing does not surprise you? Vendor Due Diligence What reviews and other information about the SaaS vendor can you find (including simply searching its name on Google)? How long has the vendor been in business? Does the vendor have certifications of any kind, especially for privacy and security? Does the vendor have experience with working with law firms and the special needs lawyers have for handling confidential information? Does the vendor's website give you confidence (up-to-date with useful information and links to articles and reviews)? Does the vendor's website have support or customer forums? Are they active and generally positive? How often does the vendor add new features to the SaaS? Is this a legal-specific SaaS? Does the vendor use a Tier 1 data center? Does the vendor have its own data center or does it outsource hosting functions?

How much detail will the vendor provide about data center, security and other facilities and procedures, including employee screening? Will the company provide financial information? Do they appear to be financially healthy? What forms of insurance does the vendor have? Will the company respond to a formal Request for Proposal (RFP) or are they simply offering a standard service? Will the vendor provide references from other customers? Contract Issues Is the vendor willing to negotiate contract terms or are you given only the choice of a "clickthrough" agreement? Do you understand what user rights you have and are they adequate to cover what you need? What warranties are provided (and not provided)? What disclaimers and limitations of liability are in the contract? How will confidential information be handled? Is there a Service Level Agreement (SLA) specifying uptime, response times, help desk and escalation procedures, and other technical requirements in detail? Are there remedies and/or penalties for failure to meet SLA requirements? Is there a named single point of contact to handle your account? Does the contract clearly spell out security, backup and similar requirements? Does the contract clearly spell out how and in what format your data will be returned to you if you request or the contract is terminated? Does the contract provide that the vendor will provide reasonable transition services in case you move to another SaaS vendor or decide to move the data back in-house? Are training and consulting services covered in the contract?

Are dispute resolution, choice of law and similar provisions acceptable to you? How and when must the contract be renewed? Is there a limit on how much the price can be increased upon renewal? What are you exit strategies? When and how can you terminate the contract? Have you limited the vendor's ability to terminate the agreement? What rights, especially unilateral rights, does the vendor have to change or eliminate the services or to change the contract terms? Are there usage or privacy policies that must be considered along with the contract? Will the vendor enter into an Nondisclosure Agreement for the period you investigate and negotiate a contract? Tech Support What are the options for tech support? What options can you choose from? Are these spelled out in the SLA or a separate document? Is the tech support 24x7x365? What support is free and what requires a separate fee? Are email addresses, phone numbers and pager numbers for support available and easy to find? Is tech support handled by the vendor or outsourced? Offshore or onshore? Does vendor notify you about interruptions or downtime, including scheduled maintenance? Does vendor require you to monitor or advise it of downtime or interruptions? How will vendor respond to slowness or other performance issues? Will you get notice of major updates of the service?

Reporting and Other Technical Details. Does the vendor provide regular usage, performance, audit or other reports? Does the vendor use Secure Socket Layer (SSL) or other security measures? How does the vendor encrypt data during transmission and when stored? Is there an administrator function for the service? How many administrators can you have? Are there policies and procedures in place for security breaches, data theft, privacy and other concerns? Does the vendor have specific procedures for handling client confidential information. Conclusion This checklist will get you off to a good start when considering SaaS and SaaS vendors from the simplest to the most complex services. Keep in mind that SaaS vendor contracts are often extremely one-sided and must be reviewed carefully. Despite protests to the contrary, the terms of SaaS agreements can and should be negotiated. Asking good questions and not resting until you get satisfactory answers will help you have a happy experience with SaaS.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information