The Anatomy of a Platform-as-a-Service (PaaS) Agreement Package

, , , , , KS Kader

Platform-as-a-Service (PaaS) solutions offer a cloud-hosted platform for software developers to develop, deploy, and manage applications – so that they don’t have to worry about setting up, managing, maintaining, and monitoring cloud instances. Popular PaaS solutions include products from Amazon Web Services, Microsoft Azure, Aptible, and Heroku. A standard PaaS Agreement Package generally consists of three parts: Cloud Services Agreement, Service Level Agreement, and an Acceptable Use Policy. This post will give you a high level overview of what goes into a PaaS Agreement Package.

1. Cloud Services Agreement

  1. Definitions – each contract has a “Definitions” section to outline what specific meanings are being given to terms throughout the contract. For example, terms such as “uptime”, “customer data”, “service level failure”, and “downtime” could have meanings specific to your PaaS business that may not be a common definition.
  2. Services and Service Orders – here is where you identify specifically what your PaaS business is doing for your customer. This section can include subsections such as description of services, access and use, documentation license, compliance with laws, sub-contracting, and information around personnel that would be assigned to your customers’ account (if applicable).
  3. Use Restrictions – This section outlines how the customer is restricted from using the application – including sub-licensing, hacking, reverse engineering, or otherwise using your PaaS for illegal operations. This relates to the Acceptable Use Policy.
  4. Support and Maintenance – Your agreement should also outline what kind of customer support and maintenance you offer your customers.
  5. Data Privacy and Information Security – An increasingly important part – this section outlines how your PaaS solution adheres to data privacy and information security standards – including data breach policies, redundancy and backup, high availability, disaster recovery, etc.
  6. Fees and Payment – this section should outline how you are charging your customers, how you are collecting payment, payment terms, taxes, invoices, and any other specifics around billing.
  7. Confidentiality – Your agreement should define what is considered confidential information, and what is expected from both you and the customer relating to said information.
  8. Intellectual Property Rights – Your customer is using your intellectual property, which is the PaaS itself, and you may be taking inventory of some of theres. This section should outline who owns what intellectual property, and what rights are being licensed over.
  9. Representations and Warranties – This essential section outlines the promises being made by each party that they are indeed able to enter into this agreement. Further, this section outlines the warranties you as the PaaS provider are making to the customer in terms of protections, data security, etc.
  10. Indemnification – This section is sometimes negotiated, and outlines how you and the customer are indemnifying each other from contract breaches and third party claims.
  11. Limitations of Liability – This essential section limits liability for you and your customer from claims, and can set a monetary limit as to how much can be recovered (such as the total price of the contract) in case there is a breach.
  12. Term and Termination – Your agreement should outline how long the contract runs, and under what circumstances and procedures can your agreement be terminated or renewed.
  13. Insurance – Your agreement can outline insurance requirements both from you, or for your customer – and what kind of minimum coverage either of you should have.
  14. Boilerplate Terms – these are the contract clauses that are included in most agreements – including entire agreement, notices, assignment, third-party beneficiaries, governing laws, equitable relief, and any exhibits.

2. Service Level Agreement

  1. Definitions – As with most contracts you sign with clients, a Definitions section should lay out specific meanings of terms used throughout the agreement, specifically those that are exclusive to your company – like product names, unit names, etc.
  2. Support Service Responsibilities – This section lays out what you, as the PaaS provider, are going to do for your customers – including responding to support tickets, support phone calls, tiers of support, access to support portals (like ZenDesk), and fixing defects.
  3. Uptime – You can also specify what kind of uptime you are promising your customer (Amazon promises 99.95% uptime for their AWS instances).
  4. Service Levels – Lay out how response and resolution times will be measured based on the issue your customer is facing. Clearly define the severity level of the issue (1 = business critical, 2 = defects with workaround, 3 = minor error, etc.).
  5. Service Escalation – Lay out under what circumstances the issue your customer is facing would be escalated to another tier of support, perhaps your management team or the CTO.
  6. Remote Services – If your PaaS solution offers remote services (such as screen sharing), you should lay out how your support team will handle this – and what kind of security you are promising if this is needed.
  7. Out of Scope Services – Clearly specify what would be out of scope of what your support team can provide your customers.
  8. Fees and Increases in Fees – As mentioned in the introduction, Amazon, Microsoft, and other companies make a ton of money off of support services with dedicated teams. I’ve personally seen bills north of $100,000 a month. If your PaaS offers higher tiered service packages, lay out how much your customer will be charged, and how the fees may increase over time.
  9. Support Requests – Identify how customers should get in touch with you for support – like opening a ticket, phone call, etc.
  10. Technical Contact – For some products, there can be a technical point of contact on both sides (yours and the customers) for easy communication without going through multiple people.
  11. Customer Obligations – Just like you are promising your customer support, the customer has to meet certain obligations as well. Here, lay out what those responsibilities are – including giving direct access, giving remote access, and any other cooperation that is expected of the customer.
  12. Service Credits – A main benefit of having a SLA to the customer is the promise of service credits should you fail to respond to a support request, of have a certain amount of downtime. This section lays out how much in service credits will be given to the customer based on the severity of the issue, and severity of your failure to address the issue. You should also lay out how these credits should be issued – such as credit on the bill, cash, etc.
  13. Additional Remedies for Service Level Failures – If you fail to meet the service levels or resolutions for any issue there may be additional remedies available to your customer. Lay those out here.

3. Acceptable Use Policy (AUP)

  1. Scope – Explicitly lay out what products your Acceptable Use Policy applies to.
  2. Updates and Changes – If you plan to publish your AUP to a legal section of your website, lay out when your AUP was last updated, and explicitly mention your right to update the policy as you see fit.
  3. Prohibited Material – Publish a list of what type of material must not be hosted using your PaaS. Examples include materials that misappropriate others intellectual property rights, malicious material, unlawful software, malicious code, and obscene and excessively profane material.
  4. Prohibited Actions – Publish a list of actions your Customers must not engage in. Examples include spamming, uploading unlawful content, conducting multi-level marketing or pyramid schemes, illegally transmit intellectual property, or generally engage in illegal activities. The larger, and more specific the list -the better.
  5. Statutory Obligations – Lay out what statutory or legal obligations your customers must adhere to – including but not limited to Copyright and Intellectual Property laws, and Data Privacy laws.

Let us Help

This post is just a high level overview of the what should be in a Platform-as-a-Service Agreement Package.

There are many more nuances and specifics around this type of agreement, and you should have an experienced attorney help you through drafting the right one to make sure you and your customers are protected.

Kader Law can help you draft, edit, or negotiate any of these agreements. If you’re interested, feel free to contact us.

This post is not legal advice, and does not establish any attorney client privilege between Law Office of K.S. Kader, PLLC and you, the reader.