In addition to the primary services, as a SaaS supplier, you are responsible for hosting the software and the ancillary obligations that come with it. These include securing and safeguarding your customer’s information, backing up the data and providing disaster recovery and business continuity to ensure your customers continued access to the software application and their data. Keep these ancillary obligations in mind when developing your SaaS and the supporting documentation and contracts.
What ancillary obligations does your SaaS supplier provide?
In the traditional on-prem model, the software is installed on a server you controls. While you may be dependent on the software provider to provide upgrades and fixes to the software, you are in control of when the software is available and how the data is safeguarded.
By moving to the SaaS model, you are giving up control of your application in return for reduced infrastructure and management costs.
However, you still need to be able to access your software and be sure that the data you provide is adequately protected and backed up. Here’s where the ancillary obligations come in. While these are not the main services provided by the supplier, these are necessary to ensure you have a compliant, workable, secure SaaS application.
When entering into the SaaS arrangement, consider how the supplier provides the following:
- Security controls and safeguards for the information you provide and process through the application
- Backups of the data with corresponding restoration services
- Disaster recovery and business continuity with adequate RPOs and RTOs.
Depending on the type of information processed and the criticality of the SaaS to your business, your contract will address these issues to varying degrees.
To learn more and join in the discussion, check out my LinkedIn post.