Service Provider & Contract Risk Management
Scope of Service
Permitted Use and Users
Testing and Acceptance
- Ensure that the product/service provides all the technical features and functionality your business needs.
- Check if ancillary services related to training, support, and maintenance are adequately covered.
- Review the order form or subscription agreement to ensure it precisely reflects the business deal
Testing and Acceptance
Permitted Use and Users
Testing and Acceptance
- Evaluate the maturity of the SaaS platform. Has it proven stability and functionality in real-world applications?
- Determine if a testing and acceptance process is necessary to identify bugs and interoperability issues.
- Define the number of testing cycles allowed before deciding whether to terminate the agreement.
Permitted Use and Users
Permitted Use and Users
Warranties and Service Levels
- Examine whether the “permitted use” defined in the contract aligns with your current and future needs.
- Confirm that authorized users (including employees, independent contractors, and customers) are correctly defined.
- Consider any limitations affecting usage or users
Warranties and Service Levels
Cybersecurity and Data Protection
Warranties and Service Levels
- Understand the warranties provided by the vendor:
- Will the platform/service/product perform according to technical and functional specifications?
- Does it comply with applicable laws and not violate third-party rights?
- Is it free from harmful code (viruses)?
- Identify key metrics for assessing value, such as system availability, response time,
- Understand the warranties provided by the vendor:
- Will the platform/service/product perform according to technical and functional specifications?
- Does it comply with applicable laws and not violate third-party rights?
- Is it free from harmful code (viruses)?
- Identify key metrics for assessing value, such as system availability, response time, and user satisfaction.
- Verify the availability of help desk support during user hours and maintenance windows.
Cybersecurity and Data Protection
Cybersecurity and Data Protection
Cybersecurity and Data Protection
- Investigate the SaaS provider’s security protocols and data protection measures.
- Assess vulnerability to cyber threats, including past incidents (e.g., breaches).
- Understand disaster recovery plans and risk mitigation strategies.
IP Protection and Trademarks
Cybersecurity and Data Protection
Cybersecurity and Data Protection
- Ensure the provider company has secured its intellectual property (IP).
- Retroactively apply for trademarks if necessary.
- IP protection is crucial for deals above $500K.