Reduce the risk of SaaS lock-in
SaaS or Software as a Service is a modern trend for delivering the functionality of a software package as a service rather than as something that you install and operate yourself. This model has great advantages:
- Better for cash flow, as usually the fee is a rolling monthly subscription
- Less operating cost, you don’t have to worry about servers, maintenance or backups
- Always updated, updates are directly applied and you’re always on the latest version
Generally the trend towards SaaS has been very good for both providers and customers, the supply chain has become shorter and increased competition has meant a lower trend in prices while for providers the subscription model has led to much more stable income and better ability to serve their customer needs.
However there is one big drawback with this approach: Lock-In. Realise up front that you will not be able to access the source code of the application, you will not be able to host it on your premises and usually you will not be able to access the data on directly on the system, since it’s very likely yours is not the only data on the system.
If in the future you find a better product or you need to switch providers how do you avoid going through the pain of manually having to re-apply all of your data?
The time to minimise this risk is when you’re negotiating the contract, not after.
The key thing that needs to be stipulated in the contract is an exit plan. This plan should detail the following:
- Notice period of termination
- An export data format
- A defined set of milestones for the export, and the timing of these steps
- Data disposal rules and retention to ensure your data is cleaned up, recall that in Europe, at least, it’s a legal requirement for firms to delete all data they hold for you _on request_.
Getting the export format defined is as critical as getting the exit plan in place, since if the supplier delivers the raw data that can only be read by their application, what’s the point?
Like all negotiations, leverage and compromise are the tools to get things done. The more leverage you have the more you can get without compromising, the less you have the more you need to compromise.
Getting the exit plan in the contract should be non-negotiable, the negotiation must focus on how long it will take and who will pay for it. Use all the leverage you have to shift this burden onto the provider.
Ideally the provider agrees to a set time schedule for the exit, and carries the cost (or provides it as a feature). Compromising on the schedule is preferable, but if you have to compromise on carrying the cost, ensure that either the cost is fixed at the point of signing the contract, or that it’s based on a fixed scope / amount of time.
Note that a “clever” trick some providers use is to give you read-only access to your data indefinitely. This is not a win, and it’s not an exit.
Also consider what recourse you have if the exit plan is not followed, be this withholding payments, legal access etc.
Whatever you do, don’t be fooled by half-measures and vague commitments, get it in the contract and get it as specific as you can make it.