
We are a SaaS company and I have been asked to review the 'Security' section of the contract proposed by one of our potential clients. I would like to know whether the following two statements are regular standards followed in SaaS contracts. As far as I can see, it looks reasonable. Given that we have industry standard anti-malware precautions in place, I feel I can give that sentence a go-ahead. However, I would like to make sure there are no hidden surprises.

Should it transpire that a Malware infection is attributable solely to the Client, the latter will bear the cost of diagnostics and restoration.

Should it transpire that a Malware infection is attributable to the Provider, the latter will bear the cost of diagnostics and restoration.

Does it look okay to okay the above two statements, especially the second one? We are the 'Provider'.

Sreeraj
  • 7
    I'm voting to close this question as off-topic because this is mostly a legal question and thus off-topic here and more appropriate for law.stackexchange.com. But, given the amount of money which can be involved in any disputes, I suggest asking a real lawyer instead of relying on opinions found on the internet. – Steffen Ullrich Jul 03 '17 at 11:10
  • 2
    While I agree with @SteffenUllrich, I would worry about who does the attribution. Is there an agreed upon process? It is possible that any malware infection of your SaaS solution will always be attributed to you (the provider), at least in part. – Jedi Jul 03 '17 at 12:56
  • 2
    @Jedi: that's one of the reasons that I would suggest that a __real__ lawyer should have a look at it. – Steffen Ullrich Jul 03 '17 at 12:58
  • Not just any lawyer, but a lawyer who specialises in IT. Apart from that, I think that the statements are somewhat inconclusive. From a layman's point of view, what happens if it transpires that both client and provider are responsible for the malware infection? – user633551 Jul 03 '17 at 14:01
