Ironclad Journal icon Ironclad BLOG

SaaS contract procurement process guide

January 25, 2021 5 min read
Onboarding to Ironclad CLM contracting 2021

Procuring a Software as a Service (Saas) vendor for your business can be a daunting task, especially if you have never done it before. There are a number of different stages to the vendor contract procurement process and each stage has its own specific legal requirements. The procurement process can be broken down into different stages: Demo, Purchase, Implementation, Management, and Renewal. This article will focus on the first two stages, Demo and Purchase, and more specifically, the legal documents that are negotiated and agreed upon to keep the process moving forward.

Demo — NDA

Prior to any SaaS vendor demo, a mutual Non-Disclosure Agreement (NDA) should be executed by both parties. This protects any confidential information shared between the parties for the purposes of the demo. 

Although fairly standard, the terms of a NDA can still be subject to negotiation. The following sections tend to see the most edits and negotiation.

Definition of Confidential Information

Usually in the first or second section of an NDA, the definition of confidential information has tantamount importance because it establishes what is actually protected by the terms of the NDA. Anyone going into a vendor demo should know what types of information is going to be shared with the vendor and ensure that type of information (eg: software code, financial information, marketing strategies, etc.) is enumerated in this section.

Duty of Nondisclosure of Confidential Information

After Confidential Information has been defined, the next negotiated section defines the duty on the parties to keep confidential information, well, confidential. Language to look for here is: the Recipient’s duty to use the highest degree of care that the receiving party utilizes to protect its own Confidential Information of a similar nature, which shall be no less than reasonable care. The last part of the sentence is most important because it sets the reasonable standard which is an industry standard.

Return of Materials

During the course of the demo, confidential information will change hands as the vendor will receive confidential information in order to best demonstrate the product to the prospect’s use case. However, once the demo has been completed, it is important to establish the manner in which a party can have its confidential information returned. Make sure that first, the right to have materials returned is in the NDA, but also pay close attention to notice requirements and the time period the recipient has to return the information. Some NDAs also require that one copy of confidential information be stored in their systems for compliance purposes.

Governing Law

It is important to know the law that controls the NDA. The state of Delaware is a widely accepted industry standard, but the choice is up to the preference of the parties of the NDA.

Purchase — MSA

Once the demo process has concluded and a vendor has been chosen, negotiations of the Master Services Agreement (MSA) begin. The MSA is an agreement compiled of broad and general legal principles that will govern a customer’s specific order form with a vendor. 

MSAs tend to be more complex than NDAs and see much more negotiation. In addition to confidentiality and governing law that is also found in the NDA, the following sections of the MSA tend to see the most edits.


Almost all SaaS vendors sell their product as a subscription service. Meaning that there is always a start and end date to the services purchased. This section of the MSA defines when the license will begin. Be mindful of auto-renewal clauses here. Most SaaS MSAs state that, unless given a 30 days’ notice not to renew, the customer’s order will automatically renew for a subsequent one year period. Although some customers prefer this because re-negotiation is no longer necessary, other customers want more control over their subscription and not have to worry about accidentally renewing a subscription that was not intended to be renewed.


SaaS MSAs give either party the right to terminate in the event of another party’s material breach of the MSA. Although more of an issue for the vendor and not so much the customer, be wary of termination for convenience clauses. This clause allows either party to terminate the agreement without cause.

Fees and Payment

This section does not describe the price paid for the service (those are found in an accompanying order form), but rather how and when a customer must pay. Things to look out for in this section include how long a customer has to pay an invoice (eg: net 30, net 45, net 60) and how often during the service term will the vendor send an invoice to the customer (eg annually, quarterly, monthly). Also be aware of penalties for late payments which are also defined here.

Public Announcements

This section allows for SaaS vendors to use the customer’s name and logo in the vendor’s marketing materials. Negotiations here tend to be based on the customer preference. If the customer is more open to the idea of their name and logo being used, this section is unedited. Other customers want more control and therefore negotiate to require their prior written consent prior to any use of their name and logo. There are also customers who refuse to entertain the idea of a vendor using their name and logo so they completely deny the vendor that right.


Indemnification means one party (the “indemnifying party”) agrees to pay losses incurred by the other (the “indemnified party”) to a third party. This provision is extremely important as it protects the parties from significant legal liability stemming from the acts of the other. Indemnity increases the level of trust in a relationship because one party may have to cover the other party’s losses.

Indemnification can stem from a wide range of causes of action. This includes a violation of the MSA terms which can include breach of confidentiality, breach of data privacy, negligence, and breach of intellectual policy rights. Also included in indemnification are any and all losses caused by the indemnifying party’s gross negligence or willful misconduct.

The indemnifying party will be liable for judgments, settlements, fines, and expenses, including attorney’s fees, of the indemnified party. Parties to SaaS contracts should closely review indemnification clauses to make sure any possible liability under their use case is included in this section of the MSA.

Limitation of Liability

Limitation of liability clauses limit the amount one party has to pay the other party if they suffer loss because of a breach of the MSA. A standard approach would be to cap liability at an amount that relates to the value of a number of monthly fees (anywhere from 12 to 36 would be in a standard range).

Breach of data privacy compliance regulations can either be uncapped or have their own specific cap (upwards of seven figures). It should be noted that most MSAs do not cap liability for indemnification or breach of confidentiality because, similar to breaches of data privacy regulations, these types of claims can carry much higher costs than breaches of other sections of the MSA.


SaaS vendor procurement can help take your company to the next level. Therefore, establishing a contract procurement process of well negotiated legal agreements not only mitigate risk for both parties, but also create a partnership between vendor and customer that can, down the line, grow into something much bigger than what the first purchase order comprised.

Want more content like this? Sign up for our monthly newsletter.

Book your live demo

Patrick Youkhaneh is an attorney and associate corporate counsel for Iterable, Inc., a growth marketing platform in San Francisco, CA. His work includes commercial contracts including customer MSA’s and vendor agreements.