Pro SaaS Supplier
As a SaaS supplier, you will almost certainly use subcontractors to perform some or all of the services. At the very least, you will likely use a hosting platform like AWS or Azure. Your customers will want to be notified when these subcontractors change. They will also hold you accountable for any non-compliant services provided by your subcontractors. Do your due diligence. Ensure they have the appropriate security controls in place. and memorialize them (and other obligations) in a written contract.
Pro SaaS Customer
Your Saas supplier will almost always subcontract part of the services to a third party. These may include professional services (such as the implementation and the configuration), or support services. Your supplier, will at the very least subcontract the hosting to a third-party hosting provider (the two main contenders these days being AWS and Azure).
If your Supplier is subcontracting all or part of its services, your SaaS agreement should account for the following:
- The Supplier should have done its due diligence on the subcontractor to ensure that it has the adequate security and privacy controls in place, keeping the Supplier’s obligations and the type of services subcontracted in mind. (Ideally, these security controls should be memorialized in a written contract between Supplier and subcontractor
- Ideally, depending on the service, the Supplier should get your approval before using a subcontractor or changing subcontractors. In practice, Suppliers are loath to do this as it interferes with their business operations, though they will likely agree when the subcontractor is providing professional services. At the very least, if the Supplier will be sharing confidential information or data with a subcontract, the Supplier should notify you of any changes to such subcontractor.
- Since the subcontractor is not a direct party to the contract, you will not have any contractual recourse if they breach any of the obligations. At the very least, your contract should make it clear that the Supplier is responsible for the subcontractor’s performance (or non-performance) as if the Supplier was providing the services itself.
What other concerns do you have when your SaaS supplier is using a subcontractor?
To learn more and join in the discussion, check out this LinkedIn post by Sapna Mahboobani.