Negotiating a Tech Contract: The Devil Is in the Details
As software-as-a-service changes the tech landscape, make sure you read the fine print in your contract.
An HR executive was about to sign a five-year contract for a software-as-a-service (SAAS) talent management suite when he learned that the vendor wanted the first-year subscription fee paid upfront before any modules were used.
“We wanted a more traditional software license approach where you pay part upfront, part when it is installed, and part when it is validated and you go live. But that isn’t the way SAAS works,” says Ken McCollum, HR vice president at NorthBay Healthcare Corp., a Fairfield, Calif.-based employer with 2,100 employees at two acute care hospitals.
McCollum negotiated a compromise. He made a partial payment for the first year upfront and the rest 90 days later, when the first module was expected to go live.
For HR, the days of purchased software licenses, lengthy implementations and hefty capital expenses may be waning. SAAS, which allows organizations to rent software applications hosted by vendors in the cloud, is gaining favor as a preferred software solution. SAAS subscriptions prevail in recruiting, onboarding, performance review and other talent management functions, and they are making smaller gains in the HR management systems market.
McCollum, who has negotiated three SAAS contracts and bought many software licenses, understands that a buyer has the most leverage before signing a contract. HR professionals need to make sure they fully understand the terms for pricing, service-level agreements, data security, termination policies, and what is and is not covered in the vendor’s standard contract.
Data Security
Under a license agreement, the client owns the application and the data. With SAAS, the client owns the data, but the content resides with the vendor. That’s why it’s crucial that contracts cover security issues related to storing and moving data.
“The biggest concern with SAAS is data security, especially employee confidentiality,” says McCollum, who works with his organization’s chief information officer to evaluate this aspect of the contract. He has not had to add any language about security to standard vendor contracts, but during negotiations he makes sure he understands the security provisions as written.
Security specifications depend on risk level, says Matt Karlyn, a technology contract attorney and partner in the Boston office of Cooley LLP, and “HR is usually a high-risk category.”
Thus, SAAS or outsourcing contracts should spell out where the data will reside and where backup sites will be located.
When it comes to data privacy, each nation has its own laws. Various forms of monitoring by the U.S. National Security Agency have prompted some European nations to disallow employers from keeping employee data about their citizens in the U.S., and some require data to be maintained within their own borders. Any organization considering a contract for a global application needs to know where its data will reside and may need to select a vendor with secure sites in multiple countries.
One vendor, Mercer LLC, is experimenting with modifying its SAAS model so that employee data remain with the client, according to Kim Seals, global lead for the talent technology solutions practice at Mercer. The arrangement “changes our contractual obligations on security,” Seals says, shifting the onus for ensuring security to the client.
Reclamation After Termination
Another concern is retrieving data from a vendor when a contract ends. “You have to be clear about how you get data back,” says Joe Almodovar, senior director of global HRIS and payroll at A.T. Kearney Inc., a Chicago-based management consulting services firm with 3,500 employees globally. The format, timetable and who pays for returning the data should all be addressed. Customers also tend to forget about archived data that are backed up by the vendor. Almodovar recommends that both SAAS and outsourcing contracts cover these issues.
Top Concerns About Moving to a SAAS-Based HRMSIn a 2013 survey of about 1,220 HR systems clients, 54 percent had talent management applications on software-as-a-service (SAAS) or a combination of SAAS and licenses. Fifty-five percent said they would not adopt a SAAS-based HR management system (HRMS) due to concerns about: | |
| Service and support | 57% |
| Integration complexities | 54% |
| Inability to customize | 51% |
| Security/data privacy | 40% |
| Loss of control over systems/data | 33% |
| Functionality not specific for our industry | 28% |
| Vendor lock-in | 27% |
| Inability to control timing of release | 25% |
| Lack of global functionality | 11% |
| Source: CedarCrestone 2013-2014 HR Systems Survey report. | |
Nov Omana, CEO of Collective HR Solutions, a consulting firm in San Mateo, Calif., says most SAAS contracts aren’t precise enough on the topic of data retrieval. “It is going to be important for IT people to specify who does what, how you are going to get the data, how quickly and in what format when you terminate,” he says.
The most common reason for termination is a client’s decision not to renew a contract. Other reasons include vendor bankruptcy or acquisition. Data retrieval should be spelled out for each scenario. Omana urges clients to request the right to audit a vendor’s database after termination to ensure that client data have been destroyed.
“Data at termination comes up in every contract, and different customers have different expectations,” says Chad Daugherty, global HR technology practice leader for Towers Watson, a global professional services company in New York City. As a SAAS vendor, he says, “at the end of the contract we have a need to hold onto some of the client’s data for our legal protection.”
According to Towers Watson’s legal office, any professional services organization must hold on to documents for seven years after the end of a client project for a number of reasons including tax purposes, for internal audit and in case of a later dispute with the client. Although the requirements can vary from project to project, the data could include financial information, HR information or pension data, for example.
Tech Service Delivery Options | |||
| Model | License | SAAS | Outsourcing |
| What It Is | Client buys a license and implements and customizes software; pays vendor for ongoing support. | Built for multitenancy—all clients share one instance of software. Vendor owns or leases hardware and manages security and upgrades; client owns business process and accesses app via Internet or subscription. | Entire business process is managed by vendor. |
| Who Owns the Data | Client | Client | Client |
| Who Owns the Application | Client | Vendor | Vendor |
| Frequency of Upgrade | Every two to three years; all upgrades require a new license. | Two to three times per year. | To be specified. |
| Some Consideration | Typically, software can be implemented on premises by client IT staff or third party, although off-premises hosting is becoming more common as companies look to reduce costs. | Data security is a key concern. Some vendors claim to be multitenant but have different software instances for each client—a cost burden that may get passed on. | Requires high level of trust. Has become more complex as vendors partner with SAAS providers, putting the onus on the contract to spell out who’s responsible for what. |
Metrics With Consequences
Another reason to terminate a contract is the vendor’s failure to meet service-level agreements for uptime (the time a system is fully operational) or failure to support response times and the like, as measured by metrics. Customers have become more sophisticated about spelling out service-level agreement metrics—and the consequences for not meeting them—in contracts, according to Harry Osle, practice leader for the global HR transformation and advisory practice at the Hackett Group, a consulting firm.
“SAAS customers are building in exit clauses in case they do not see service levels agreed on for the technology or the functional side, or for the upgrade or even for getting information they need,” Osle says. Such clauses give customers more influence. For example, the contract might stipulate that if a client sees subpar metrics that don’t improve within three months the customer can move its data to another provider at the first vendor’s expense.
Most vendors include definitions of what constitutes service uptime, what an acceptable response time is for addressing problems and which metrics will be used to measure results. A vendor “might agree to respond to problems within an hour, but if you want something faster it will cost more,” McCollum says.
Upgrades and More
SAAS contracts should cover the timing of system upgrades and should specify how long the customer should wait before turning them on. Clients can also request that vendors provide a way to test an upgrade before it goes live.
The growing number of multiple-vendor contracts has created new wrinkles for customers. As SAAS-based talent management has matured, vendors have begun partnering with other vendors to offer suites of tools they don’t have individually. Some outsourcing providers also partner with vendors to offer broader solutions. In such cases, a contract should spell out the chain of responsibility between vendor and customer. One option is for the customer to deal with a lead vendor that manages other vendors.
In general, SAAS contracts run three to five years and are paid in one-year subscriptions. Omana believes vendors are often eager to sign longer agreements, so customers could use this as pricing leverage.
Since SAAS pricing is based on number of employees, the tricky part is defining “employee,” says Paul Hamerman, vice president and principal analyst for business applications at Forrester Research, a technology advisory firm. “You have to consider part-time workers, contingent workers, volunteers and retirees,” he says. “You want to negotiate the prices down for non-full-time employees.”
Before signing any contract, Almodovar says, he always asks vendors “to tell me all the things I can purchase that are not in the contract. Then we know what they are, and they might give us some leverage before we sign the deal.”
Bill Roberts is technology contributing editor for HR Magazine. He is based in Silicon Valley.
Web Extras
- HR Magazine article: Looking Under the SAAS Model’s Hood
- HR Magazine article: How to Get Satisfaction from SAAS
- SHRM article: How to Successfully Negotiate SAAS Contracts with HRMS Vendors
- SHRM article: New Systems Accommodate Changes in Technology
- SHRM article: Survey: Employers Replacing HRMS
An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.
Related Content
HR must always include human intelligence and oversight of AI in decision-making in hiring and firing, a legal expert said at SHRM24. She added that HR can ensure compliance by meeting the strictest AI standards, which will be in Colorado’s upcoming AI law.
The proliferation of artificial intelligence in the workplace, and the ensuing expected increase in productivity and efficiency, could help usher in the four-day workweek, some experts predict.
Learn how Marsh McLennan successfully boosts staff well-being with digital tools, improving productivity and work satisfaction for more than 20,000 employees.