As EIR (electronic information resources) and SaaS (software as a service) applications become mission-critical in law and business, unscheduled downtime and outages have become an important contract consideration.
While efficiency, maintaining normal business operations and cybersecurity protection are chief concerns, the issue of possible cost recovery also is taking front and center.
The latest situation to shine a light on this topic involves Wolters Kluwer, the providers of many information service platforms and applications. Their cloud accounting system, CCH, went offline after the discovery of malware.
All network systems, whether internal or cloud-based, are susceptible to breaches and outages. In many ways, reputable EIR and SaaS vendors are better-equipped to both prevent and recover from outages or breaches. They have critical mass, hardened systems and technical expertise—plus, their business depends on the security and availability of their services.
Primary EIR and SaaS customer concerns
When outages or breaches do occur, legitimate worries and concerns come to the forefront:
- Lack of vendor transparency in terms of consequences far beyond lack of service availability. Could malware spread to your internal networks? Has your data been breached or stolen?
- Vendor liability and remedies for damages, both direct and consequential.
Reputable EIR and SaaS providers are doing all they can in terms of risk mitigation, such as training and tracking of personnel and use of security technologies like encryption and intrusion detection systems.
For customers and users of these systems, there are things you can do as well. For example, cyber-liability insurance is a sound investment, but it only helps after the fact. Before any problems occur, risk management begins with vendor selection, contract negotiations and ongoing management to define terms and conditions and monitor compliance.
Vendor contracts are created with the primary goal of protecting their legal and business interests, so it’s important to leverage your bargaining powers and understand what you can, and probably cannot, negotiate.
One of LAC Group’s areas of expertise is in the use and spend management principles for EIR and SaaS solutions. We offer objective guidance before, during and after the vendor selection and contracting process to safeguard your operational and financial interests.