As software-as-a-service (SAAS) adoption rises in the workplace, business managers mustn't overlook a key issue when selecting a Web-hosted applications suite: a service-level agreement.

Such contractual agreements, known as SLAs, bind the SAAS provider to meet specified levels of service. An SLA can address various aspects of the service, such as application uptime and performance, as well as data security, backup, recovery, and integrity. The SLA outlines penalties -- often in the form of credits -- if certain standards aren't met.

An SLA is of particular importance for a hosted application, since in that case the customer is giving up control over the software and thus has little or no power to fix problems that arise on the SAAS vendor's end.

In other words, a business manager must make sure that a selected SAAS vendor can provide the level of reliable service the company needs. "IT [and business] managers need to understand the consequences for their operations if there's a problem. [They should] determine what downtime they can tolerate and compare that with what the vendor is offering," says Eric Maiwald, a Burton Group analyst.

Once a contract is signed and the hosted applications are implemented and woven into a company's workflow, migrating away to another provider will be costly and time-consuming.

Few agreements available

Unfortunately, SLAs are far from prevalent among SAAS vendors -- and when offered, the standard agreements typically are thin and limited. That goes for large and small vendors alike. "For the most part, SLAs haven't been in place for the broad cross-section of SAAS [offerings] currently available," says Jeff Kaplan, a ThinkStrategies analyst.

For example, the Google Apps Premier Edition suite contains an availability guarantee only for its Gmail portion (for 99.9 percent uptime) and offers no commitment for the other components, which include word processing, spreadsheet, and presentation software.

"It would be comforting to have an SLA that covered the entire suite," says Mark Harrison, founding partner of Abraham Harrison LLC, provider of online marketing services.

Abraham Harrison, founded in late 2006 and incorporated in early 2007, has been using Google Apps Premier Edition for about one year, and the uptime of its hosted applications and services, though not 100 percent, has been excellent, according to Mark Harrison. Downtime incidents have been rare and brief, and have never proven disruptive to the company's operations, he says. "We've never been crippled by an outage," Harrison says.

Still, should a significant Google Apps outage occur, it certainly would impact the company, which is highly dependent on the suite. The company chose Google Apps in order to give its geographically dispersed staff an array of software to use for communication and collaboration. In addition to the suite's productivity applications, the company also uses Google Talk instant messenger and Gmail for e-mail. The company's 22 employees, located in six countries and four continents, operate in 14 different time zones, and since most of their work is collaborative, Google Apps -- which lets users jointly edit documents located on a central server -- was a better alternative than e-mailing Microsoft Office documents back and forth.

Harrison would also like to see Google Apps provide an offline component that would allow users to work on their local PCs when disconnected from the Internet, a capability he knows Google is pursuing with its Gears technology.

That Harrison would feel more at ease with an SLA is telling. His company isn't an ordinary Google Apps customer. Although the relationship between Google and Abraham Harrison is purely of the vendor-client type, meaning that the company receives no compensation from Google, the Google Apps team has singled it out as a model small business whose feedback it regularly seeks. As a result, Harrison is in close contact with the Google Apps team.

What should a business manager look for in a service level agreement? The most basic item should be an uptime commitment for application availability, ideally 99.9 percent of the time or above. It should also address planned maintenance downtime, which, if too frequent, can become bigger burdens on customers than accidental outages.

When negotiating, inquire whether the SAAS vendor owns its own data centers or whether it depends on a partner, and be sure to investigate who the partner is and the extent of its infrastructure. Also verify that the SAAS vendor has key certifications, such as the SAS 70 Type II audit.

The SLA should address performance, as well, because an application that is extremely slow will affect a company's operations. It's also a good idea to include provisions for the data created with the applications and to put in writing what responsibility the vendor will assume for data that is lost, corrupted, or stolen, along with statements about the vendor's data security measures and data backup and recovery services.

Kaplan recommends assuming the worst -- that the vendor may go out of business altogether. To protect against that eventuality, customers can request that the vendor bring in a third-party "escrow" provider that will, for example, house the applications source code and data, in case the SAAS vendor goes under.

Business managers need to remember, too, that they must be proactive in securing a satisfying SLA, because SAAS vendors are understandably reluctant to volunteer generous service guarantees. Many elements outside of a SAAS vendor's control can interfere with the performance of its applications and with the integrity of data. Such external factors can include interference from security software on users' PCs, problems with the customer's local network, ISP issues, and structural Internet hiccups.

"Every provider will write an SLA, especially if you ask them, but it's going to cover things that they can control," Burton Group's Maiwald says.

Still, industry experts agree that, little by little, both buyers and SAAS vendors are recognizing the importance of SLAs, so business managers should find securing them progressively easier.