Writing a Better Cloud (Hosting/SaaS) Service Provider Agreement (MSA/SLA)
The Master Service Agreement or Master Agreement or Service Level Agreement – call it what you will – is the (usually quite hefty) contract used to govern the future business, transactions and agreements between two companies.
So to say I’ve seen a few Master Service Agreements (MSA) is a bit of an understatement.
I estimate I’ve seen over 1,000 master contracts from various companies around the globe. These companies include all the bleeding edge Software as a Service (SaaS) companies from Salesforce, Google, Microsoft, etc… to Fortune 100s consuming those services. I would include Fpweb.net in the group of SaaS providers as we provide our own MSA when possible to simplify the process.
However, what drove me to write this blog was a recent MSA I received from a very large company (we’ll call it Mega Co) wanting to do business with Fpweb.net. I cringed as I opened the document… Most 800 pound gorilla companies have teams of attorneys writing their documents in a “my way or the highway” style. But, I was pleasantly surprised to see Mega Co’s MSA approach.
The following are things in the MSA of Mega Co which I seldom see on the shopping lists of large companies seeking to do business with Cloud vendors such as Fpweb.net:
Mega Co. MSA
- It was fair. Every issue expressed 1) what is reasonable for both parties and 2) what applies to one party applies to both.
- It was thorough. They covered everything and I mean everything in a 70 page document. From escrow of software if the SaaS provider goes belly up, to price increases at CPI and security breach processes and party responsibilities. Everything.
- It was easily understandable. Huh? You don’t need 500 contracts review experience or your JD? Perfect.
Yep, I was completely blown away, and I now have a completely different view of the company. I’ve even become a loyal customer myself as a result. But it’s more than that. I’m taking what I’ve learned from Mega Co. and applying it in two ways:
1) I’m rewriting the Fpweb.net MSA (20 pages) so our customers spend less time reviewing it. Of course, this adds more language to an already extensive MSA. So the challenge is to simplify it. We’re working on the simplification piece now.
2) I want to share the framework of this MSA with you now. It can serve as a checklist for you. Of course, I can’t list all the details on Mega Co’s MSA, but I can give you the blueprint of what your MSA should cover. I guarantee that yours or the vendor you are chatting with is missing some important areas. Use this framework to make sure your master contract covers you:
A Better MSA Framework
ARTICLE 1. SCOPE OF SERVICES
ARTICLE 2. STATEMENTS OF WORK
ARTICLE 3. PROJECT MANAGEMENT
ARTICLE 4. DELIVERY AND INSTALLATION
ARTICLE 5. DOCUMENTATION AND TRAINING
ARTICLE 6. ACCEPTANCE
ARTICLE 7. LICENSE GRANT AND PROPRIETARY RIGHTS
ARTICLE 8. ESCROW
ARTICLE 9. INCIDENT RESPONSE AND CHANGES
ARTICLE 10. CHARGES AND TERMS OF PAYMENT
ARTICLE 11. TAXES
ARTICLE 12. WARRANTIES
ARTICLE 13. TERM AND TERMINATION
ARTICLE 14. ENCRYPTION EXPORT
ARTICLE 15. LIMITATION OF LIABILITY
ARTICLE 16. INDEMNIFICATION CONFIDENTIAL INFORMATION
ARTICLE 17. INSURANCE
ARTICLE 18. AUDIT AND EXAMINATION
ARTICLE 19. SECURITY
ARTICLE 20. ADVERTISING AND PUBLICITY
ARTICLE 21. DIVESTITURE
ARTICLE 22. ASSIGNMENT
ARTICLE 23. BACKGROUND CHECKS
ARTICLE 24. NOTICES
ARTICLE 25. OVERALL AGREEMENT
ARTICLE 26. SEVERABILITY
ARTICLE 27. HEADINGS
ARTICLE 28. SURVIVAL
ARTICLE 29. FORCE MAJEURE
ARTICLE 30. CRISIS PREPAREDNESS PLANNING
ARTICLE 31. GOVERNING LAW AND VENUE
ARTICLE 32. DISPUTE RESOLUTION
ARTICLE 33. FOREIGN CORRUPT PRACTICES ACT REQUIREMENTS
ARTICLE 34. THIRD PARTY BENEFICIARIES
ARTICLE 35. RELATIONSHIP OF THE PARTIES
ARTICLE 36. COUNTERPARTS
ARTICLE 37. INTERPRETATION
ARTICLE 38. ATTACHMENTS
The following are attached hereto and incorporated herein by this reference:
|Exhibit 1||Form of SOW|
||Hosted System Encryption Information|
||Crisis Preparedness Planning (Optional)|
||Open Source Use RequirementsCustom Services|
|Exhibit 2||Information Protection Contract Requirements|
|Exhibit 4||Dispute Resolution|
|Exhibit 5||Foreign Corrupt Practices Act Requirements|