7 ways Laywers can protect their clients and companies in a SaaS license agreement


Demand for Software as a Service (SaaS) applications is growing at a rapid pace and has resulted in more businesses appointing specialist technology legal knowledge and law firms for software resilience and business continuity advice. Legal experts want to make sure clients are protected in the best way possible to ensure their business critical SaaS applications and data are kept secure and accessible by recommending SaaS escrow.

This article runs through our top 7 legal tips on how you can protect your clients when putting together a SaaS license agreement by including SaaS escrow provisions. These tips will ensure client peace of mind and confidence that their SaaS applications and data are fully protected and they can continue operations should something happen to a critical supplier outside of their control.

What is SaaS Escrow?

Similar to source code escrow or software escrow, where critical software source code is stored with an independent software escrow company, SaaS escrow applies the same logic to the entire cloud environment including the data hosted within a SaaS application.

There are many and varied reasons for businesses to consider a SaaS escrow agreement including concerns about vendor bankruptcy, ransomware attacks, unplanned service outages, and potential data loss or corruption.


Tip #1 –
SaaS escrow should be included within any SaaS license agreement for critical software

The most popular Escrow London SaaS escrow solutions include:

  • Replicated SaaS Continuity with 90 Days of Live Availability – This provides a replicated cloud environment with databases that may be activated in the event of a release situation. In the event of a release, Escrow London will be on hand to maintain the system and provide a continuity of service for a period of up to 90 days.

  • SaaS Environment Escrow – This provides access to cloud environment and application components which may include containers, deployment scripts, deployment templates, databases, files, source code and relevant documentation that can then be used by the beneficiary following a release event.

  • SaaS Access Continuity – This includes a deposit of the developer’s access credentials to the existing cloud hosting vendor’s production account and system. This solution allows for a transfer of the access credentials and account to the beneficiary (end user) and the possibility of Escrow London maintaining the production environment for a 90 day period to ensure continuity post-release event.


Tip #2 – Give thought and clearly define what constitutes a release event

Typical release events include:

  • Material failure to support the product without curing such failure within a defined time period.
  • The depositor (SaaS company) is deemed to be unable to pay its debts within the meaning of {relevant insolvency act}.
  • Depositor applies for or consents to the appointment of a trustee, receiver or other custodian.
  • Any bankruptcy, reorganisation, debt arrangement or other case or proceeding under any bankruptcy or insolvency law.
  • Depositor ceases active operation of its business or maintenance of Product.
  • Depositor assigns its Intellectual Property Rights to the Product to a third party without offering similar escrow protection.


Tip #3 – Specify the assets to be included within the SaaS escrow deposit ensuring recovery in the event of a trigger

Depending on the SaaS escrow solution selected by the client, these assets can include the following:

  • Source code
  • Deployment scripts (IaC) such a Terraform or CloudFormation
  • Containers
  • Virtual machine images
  • Databases
  • Files


Tip #4 – Ideally, the Beneficiary should be the owner of the cloud account hosting the production environment

Beneficiaries may wish to obtain ownership of the cloud hosting account as it provides a seamless transition in the event of a trigger of the SaaS escrow agreement following a vendor failure. On an ongoing basis, the production environment can still be managed by the software vendor accordingly.


Tip #5 – Clearly define what happens on and after post-trigger event

Depending on what SaaS Escrow solution has been selected by the client, it is important to clearly define exactly what will happen at the time of and after the trigger event.

Different options are available such as the deposit materials being transferred directly to the beneficiary or Escrow London could maintain the service for an agreed period time. Administration or root access credentials to the production environment can also be released to the beneficiary. Another option sees the beneficiary or Escrow London provision a dedicated cloud account for the specific SaaS application under the legal ownership of the beneficiary.


Tip #6 – Determine if the depositor is the legitimate owner of the software IP and understand if open-source code is used (copy-left)

Open-source code is widely used by software development companies to accelerate development and reduce costs. However, the use of open-source code can create challenges if the code breaches any licensing rules. It is therefore vital to understand that the SaaS provider (depositor) owns the software IP. Escrow London can perform audits of source code to detect and identify the existence of open-source code and the implications that this may have. This report will identify the open-source code and their corresponding license requirements as well as any potential vulnerabilities.


Tip #7 – Ensure the SaaS escrow environment is tested

The testing process ensures the replica cloud instance and database is functional according to the expectations and requirements of the client. Each verification process confirms the completeness of the latest deposit materials and the ability to deploy the environment using deployment scripts and the access to the database hosting the beneficiary data. The process includes detailed documentation of the steps required to deploy and launch the application.

Escrow London provides a variety of free template agreements which can offer a great starting position when negotiating the perfect SaaS escrow agreement. This agreement template offers flexibility and can be amended until a mutual agreement has been agreed by all parties.

##

About Escrow London

Escrow London is a global software and SaaS escrow company with offices in Atlanta, USA, London, UK, and Sydney, Australia.

We have invested considerable resources into innovation to reinvent software escrow for a SaaS world. Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud hosted SaaS applications. We support a wide range of clients includes major law firms, banks, central banks, insurance companies, technology companies and government organisations.

Find out about SaaS Escrow by viewing our new video here.