Technology contracts, such as software licensing and SaaS, are part of the routine of most companies doing business in Brazil from different sectors.
And that is why these documents should be very objective and technical, bringing clarity and predictability to the relationship between the parties.
Below we highlight 5 Key Points About Technology Contracts:
1. Flexibility and Contract Termination: It is important to include clauses to adapt the contract to the technological and legislative/regulatory reality, which must objectively contain the conditions (and consequences) for agreement termination, including the reasons, deadlines, fines and transfer of knowledge or return of processed data;
2. Incident Management: Any system is subject to attacks (DDOS, hacking, among others), so the supplier must present a security incident response and business continuity plan – BCP), detailing procedures for reporting data breaches, response time, risk mitigation and communication with affected customers;
3. Audits and Monitoring: The contractor must have the right to conduct periodic performance and security audits, such as stress tests and pentests. The audit may be carried out by the contractor itself or by a third party and the reports of these tests must be linked to the SLA and the possibilities of agreement termination.
4. SLA (Service Level Agreements): The Service Level Agreement (SLA) must precisely define the Key Performance Indicators (KPIs) and metrics, such as response time, uptime and incident resolution, also indicating the tools and procedure for their measurement. In addition, there must be fines and possible incentives linked to (non)compliance with the SLA, as well as the provision for periodic review of its criteria, to keep up with technological advances and regulatory requirements;
5. Brazilian and Foreign Compliance: The supplier must represent and warrant that it is and will remain in compliance with the laws and regulations of the country where the software is used or services are provided, in addition to those applicable in the country where one of the parties or a third parties related to the contract is located, especially regarding the international processing of personal data and intellectual property over technology.
The relevance of the above items will vary in each contract, according to the details of the contract and the parties involved. However, it is essential that all these points are in the document or its annexes, ensuring legal security and technical efficiency for the business, in addition to predictability for the parties regarding their obligations.