If your SaaS system is going to be tested in a proof of concept (POC), be sure to put an agreement in place. A proof of concept (or POC) is an exercise in which you test the SaaS system to determine if it will work for your use case. Before engaging a new SaaS system into your company, you will almost always start with a POC.
The POC agreement would ideally restrict access to the SaaS in a test environment, disclaim any warranties and indemnities and require your customer to ensure that no confidential or personal data is processed while in the POC mode.
Do you need a SaaS agreement if you are using it for a proof of concept?
Some characteristics of a POC are:
- The POC is almost always run in a “sandbox” or test environment. Since you are still testing, you wouldn’t want to run this in production where it could potentially break something.
- You will likely use dummy data with a POC. This data could be completely made-up data, or a copy of your production data that has been treated to remove all sensitive information such as confidential information and personal information.
- POCs tend to be short-term, usually from 1 to 3 months. POCs can be longer, but this is rare.
You should have an agreement for the POC, though this may not be a full-blown SaaS agreement. You will still need the right to access the SaaS system and want robust confidentiality obligations to protect any sensitive information you share with the supplier while testing the system. But POC agreements tend to be stripped down versions of the regular SaaS agreement.
A POC agreement will likely restrict access to only the test environment. Since the SaaS system is usually provided free or for a nominal fee, the POC agreement is unlikely to contain any warranties or indemnities and the supplier will likely disclaim all liability.
Importantly, since the POC is not expected to involve any “live” data, the agreement will likely not contain strong security obligations, nor will the supplier take on any liability for a security or data breach.
Given the limited protections in a typical POC agreement, you should ensure the proper guardrails are in place when running a SaaS system through a POC – for example, no access to production environment and use of test data.
To learn more and join in the discussion, check out my LinkedIn post.
