Penalties for non-payment: These generally come into play when there is termination, and most vendors do this fairly. The vendor requires you to give a certain number of days' notice (30, 60, 90) to pay for that period. However, some vendors will try to charge for the "expectancy" of the contract. In other words, if the contract is for five years and you want to get out after two years, they try to make you pay for the full five years, which you will not be using. If you have a vendor with terms like this and the vendor will not modify them, it's best to find another vendor.
Intellectual property rights: If you are moving any proprietary company work like custom-built applications or data to a cloud or SaaS vendor, be sure that your creative and intellectual property rights in this information remain yours and that the vendor cannot use or share them with others.
Security warranties: You need the assurance from the vendor that your applications and data are both private and secure. If a breach of either occurs, the vendor should be prepared to indemnify you for any losses you suffer, including lawsuits. This should be stated in your contract.
Product and performance warranties: The vendor should have mean time for repairs and also system uptime and system support uptime guarantees in the contract. If these are missing, add them.
Vendor sharing of your information with third parties: Most vendors either tell you that they will or will not share your data with third parties. If they have a clause pertaining to this, make sure that you agree with it. If you don't agree, write your own modification.
Procedures for disagreements and arbitration: Most contracts contain these. What you want to look for is the venue (i.e., location) for disputes and arbitration. Vendors tend to list the state of their home office as the place where arbitration or court actions occur. This can be costly if you are in California but your vendor is in Boston. The simplest thing to do is to change the state of venue for legal disagreements to your own home state. Most vendors are comfortable with this, but you are the one who has to bring it up.
Be sure to cover what's NOT in the contract
Another common oversight of companies is failure to consider what is NOT in the contract with their cloud or SaaS provider.
One area many companies miss is SLAs. "We don't provide our clients with SLAs, although we have our own internal SLAs," acknowledged one SaaS vendor recently. The same vendor estimated that probably 90 percent of SaaS providers don't give published sets of SLAs to their clients.
However, if you are a cloud or SaaS client, SLAs should be part of the contract with your vendor because SLAs are warranties of performance. If you don't see SLAs specifically addressed in the contract the vendor presents to you, you should insist that SLAs be added, and these SLAs should reflect what you expect of vendor performance. SLAs can be written into an addendum that is attached and integrated into the contact. Along with this, you should write in an expectation that SLAs and SLA performance are reviewed quarterly (or, minimally, bi-annually) with the vendor, with the opportunity to amend them based upon changing business conditions and mutual agreement between you and your vendor.