Jump to content

Contract/SLA requirements for SaaS vendors



  • David
    25/01/2017 10:50
    Dear Forum, Is anyone aware of a regulatory or industry best practice paper that gives guidance on the controls that should be included in the contract or service level agreements with Software as a Service (SaaS) vendors? These may vary slightly from vendor to vendor but there are typical items such as notification period for planned downtime, approval process for changing software/infrastructure, recovery time/point objectives, retention period for data, etc. that should be covered. I have my own notes from experience but would like to verify them against industry best practice/regulatory expectations so links to guidelines would be appreciated.
Reply to Thread