tag:blogger.com,1999:blog-6186587811989383003.post5237128064870004025..comments2010-01-28T05:29:29.476-08:00The Davis Familynoreply@blogger.comBlogger1125tag:blogger.com,1999:blog-6186587811989383003.post-28243260932898241002010-01-28T05:29:29.476-08:002010-01-28T05:29:29.476-08:00Great tips. Another part of a SaaS stratgy can be 1) Escrow Agreements and 2) Security and Privacy compliance.<br /><br />Companies and request 3-way escrow agreements to be in place (for example Iron Mountain IP) where they are listed as the beneficiary to the SaaS provider&#39;s code + application / database in the event the SaaS provider goes belly up. These agreements are relatively cheap to setup and provide &quot;a level of control&quot; that would otherwise not exist.<br /><br />Next is to ensure the SaaS Provider maintains a comprehensive ISMS (Information Security Management System) and is compliant in areas important to the business consuming the service. For example, as a eCommerce SaaS Platform, OrderDynamics.com maintains PCI compliance in addition to having a facilities provider that is SAS-70. Other benecial Security and Privacy points are HIPAA, SOX, ISO 27001, and PIPEDA.<br /><br />Both of these deliverables should be embedded in the Master Service Agreement with the SaaS provider so they&#39;re accountable for maintaining them.<br /><br />Michael Turcsanyi<br />www.orderdynamics.comOrderDynamics Teamhttp://www.blogger.com/profile/17566462347435249156noreply@blogger.com