Editor’s note: Brandon George is corporate counsel for Laboratory Corporation of America Holdings. Will Cannon and Tiffany Burba are attorneys in Parker Poe’s Technology Industry Team.

+++

RALEIGH – The demand for software as a service (SaaS) and other cloud solutions has spiked during the COVID-19 pandemic. A wider swath of businesses now rely on those technologies to help their remote or hybrid teams collaborate.

That’s just the latest reason companies are partnering with cloud vendors on software and data storage, as these changes can also save costs, increase convenience, and align with industry standards.

Amid the shift to the cloud, however, there can be pain points for both the technology companies providing the solutions and the businesses using them. This is especially true when it comes to cybersecurity risks. Fortunately, companies can reduce this pain considerably by drafting a clear contract at the beginning of their business relationship. And while this may sound like a job just for lawyers, the best SaaS agreements come as the result of a successful collaboration between the lawyers drafting the contract, the business teams sponsoring the contract, and the IT teams operating the SaaS solution.

If the parties aren’t careful on the front end, they may not notice ambiguities until the business relationship has already broken down. For example, if an agreement doesn’t clearly define “permitted downtime,” and a SaaS vendor takes a service down for scheduled updates, a customer might argue that the uptime commitment was breached. Instead of opening themselves up to a misunderstanding, the parties should take some extra time during the negotiation process to think about (and memorialize in writing) the process for quantifying availability commitments before issues arise, with lots of input on both sides from their respective network operations and IT personnel.

Lawyers can make the contract negotiation process smoother by following (or helping to establish) a company’s internal procedures and preferences for negotiating technology agreements. For example, lawyers should talk to their clients’ business personnel before drafting a contract to understand how mission critical the service is to the organization, what types of sensitive data might be transmitted via the service, and how much risk the company is willing to accept in exchange for favorable pricing.

In turn, SaaS software users can make the process smoother by (a) identifying internal subject-matter experts who can ensure the contract accurately reflects the intended business deal, and (b) helping the lawyers understand the business case for why this contract is being signed and what value it adds to their organization. During these collaborative discussions, lawyers should clearly explain how legal jargon in the contract can translate to operational risks, whether in the form of increased costs, technical bottlenecks, reputational harm, business inefficiencies, or other unfavorable outcomes.

Key points

In terms of drafting the SaaS contract itself, licensors and customers alike can benefit from the following guiding principles:

  1. Adopt a “pre-mortem” mindset and always ask, “How could this go horribly wrong, and what protections can we put in place to avoid that result?”
  2. Despite #1, always assume that the worst-case scenario will happen, no matter how hard you tried to avoid it. Draft language in the contract to address those doomsday scenarios and allocate risk between the parties.
  3. When possible, use plain English instead of “legalese.” Think of SaaS contracts as a roadmap to the business relationship, where the primary audience is business and IT personnel. They need to be able to go back to the contract from time to time and understand key provisions that impact how the parties work together in the normal course of operations.

Summary

 Business leaders and their attorneys can maximize the cloud’s upside and minimize its downside by following best practices in negotiating cloud agreements and collaborating with all of their relevant internal stakeholders. They can also lean on their attorneys for additional insight on what is generally acceptable in the market and how other companies are approaching similar risks.

Brandon George is corporate counsel for Laboratory Corporation of America Holdings. Brandon manages a wide variety of commercial contracting matters with an eye toward managing institutional risk in the areas of privacy, intellectual property, and technology law. He can be reached at Georgb3@LabCorp.com.

 Will Cannon and Tiffany Burba are attorneys in Parker Poe’s Technology Industry Team, whose services include helping clients negotiate hundreds of sophisticated technology contracts every year. They can be reached at willcannon@parkerpoe.com and tiffanyburba@parkerpoe.com.

 The content of this article has been prepared for informational purposes only and does not constitute legal advice.