You are right to question how you negotiate this. We've
completely redone our contract strategy here, after one very
It is important, if you go the ASP route, to list specific
performance measures in your contract. It is also important
to have a full security provision described in the contract.
I suggest you start with SANS:
http://www.sans.org Click on Sample Policies at the top.
There are two sample ASP policies:
Application Service Provider Policy - Defines minimum
security criteria that an ASP must execute in order to be
considered for use on a project by the organization.
Application Service Provider Standards - Outlines the
minimum security standards for the ASP. This policy is
referenced in the ASP Policy above.
What is in these policies needs to get written into the
Another hint: If you have internal data quality standards,
these need to get written into the contract. This is one
thing that saved us.
Also, I suggest you look at Caucus, the
organization for IT procurement: http://www.caucusnet.com
They have a lot of sessions on working with vendors, and
much of the material is including software licensing and
I suggest you have a strong software policy at your
university - we've just been working on rewriting ours and
it is attached.
Bottom line: Everything that you do internally and take for
granted: data quality standards, communication of new data
quality standards, security, testing, test environment,
approval process, change management - all of your processes -
need to be written into the contract, along with specific
---- Original message ----
>Date: Thu, 19 Jan 2006 00:36:04 -0500
>From: Malik Rahman <[log in to unmask]>
>Subject: [LICENSING] Software as a Service license terms
>To: [log in to unmask]
>I foresee our college moving in the direction of acquiring
>as a service from Application Service Providers. I'm
certain there are
>other institutions that are or will be utilizing this model
>service acquisition and implementation.
>Obviously, these systems are hosted and fully supported by
>respective vendors, our data resides on their systems and
>various integration points where these systems will
>in-house systems. The terms and conditions templates we
>used for outright software licensing don't completely
>additional issues of service levels, information security,
>remote authentication, integration and data exchange among
>I'm looking for an example of a T&C document that would
>SaaS model. All ideas and pointers will be appreciated.
>Malik K. Rahman
>Central Piedmont Community College
>Charlotte, North Carolina
>[log in to unmask]
>Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.