Clients tell us they are resistant to SaaS because of SaaS vendors’ unwillingness to offer unlimited liability. Sound familiar? It’s time to stop holding SaaS vendors to a higher standard than the alternative. Consider this: In-house systems do not offer unlimited liability. Very few non-SaaS vendors offer unlimited liability.
Say what? You did get unlimited liability? If your vendor does offer unlimited liability, beware. Small vendors are all too happy to sign up for things in the contracts. But, it’s hard to get them to pay up in the event of a serious incident. More likely, you’ll end up spending a lot of time in court and find there’s no money for them to pay out. Be cautious when you see this because it rarely will do you much good and it may be a sign that the vendor is taking on deals that are unsustainable in other ways, too – which makes them a vendor viability concern.
What should you do? Instead of honing in on the legal language of liability, ask for some reasonable yet meaningful liability (such as 2 years’ worth of fees) and focus the rest of your energy on due diligence and pushing for transparency. Check out the vendor’s processes, policies, and third-party certifications. Approach this more as a risk assessment than a contract negotiation, working closely with your security and risk team (or partners). Also, look for signs of transparency. Leading SaaS vendors put out a lot of information about security, performance, and other key metrics. They foster a culture of openness and transparency.
Finally, keep in mind that a SaaS vendor will die off if they have a poor track record. That pressure generally keeps them more focused on delivering great service than a legal contract does.
This tends to be a contentious topic, and I’d love to hear perspectives and experiences.