
SaaS Customer Service Agreement Template

A template that can be used for most SaaS customer service agreements, after customization and legal review.

Updated Nov 14, 2023


NOTE: This template is intended to cover key aspects of the customer-provider relationship with a focus on information security within a SaaS context. It should be tailored to the specific services offered by the SaaS provider and reflect any unique aspects of your business model or technology. Legal review is essential to ensure compliance with applicable laws and regulations and to ensure that the terms are enforceable.


[Your Company Name]

SaaS Customer Service Agreement

This Service Agreement ("Agreement") is entered into as of [Date] by and between [Your Company Name] ("Provider") and the entity agreeing to these terms ("Customer").

1. Definitions

  1. Information Classification: Definitions for "Confidential," "Internal," "Public," etc., as per the Provider's classification scheme.
  2. Personally Identifiable Information (PII): As defined by applicable data protection laws.
  3. Intellectual Property Rights: As governed by the laws of [Jurisdiction/Country].

2. Service Description

This Agreement pertains to the Customer's use of the Provider's SaaS services ("Service"), as further described in any order forms or supplemental documentation made available to the Customer.

3. Information Security

  1. Compliance: The Customer is responsible for complying with all applicable legal, statutory, regulatory, and contractual obligations in their use of the Service.
  2. Security Controls: The Provider has implemented and will maintain appropriate security controls to protect information within the Service as described in the Provider's security documentation.
  3. Acceptable Use: The Customer agrees to abide by any acceptable use policy provided by the Provider and is responsible for any unacceptable use of the Service by its users.

4. Access and Authorization

  1. User Accounts: The Customer is responsible for managing user accounts and ensuring that any user access is revoked upon termination of authorized use.
  2. Data Classification: The Customer will classify their data in accordance with the Provider's guidelines for data uploaded to the Service.

5. Data Protection

  1. Handling of PII: The Provider will handle PII in accordance with the Provider's privacy policy and applicable data protection laws.
  2. Customer Obligations: The Customer is responsible for ensuring that their use of the Service complies with data protection laws.

6. Incident Management

  1. Reporting: The Customer is required to report any security incidents related to the Service in accordance with the Provider's incident response policy.
  2. Cooperation: The Provider and Customer will cooperate on the investigation and remediation of any incidents.

7. Training and Awareness

The Customer is responsible for ensuring that its users are trained on the appropriate use of the Service and any related security obligations.

8. Audits and Third-Party Attestations

The Provider will conduct regular audits of its security practices and provide summaries of audit results upon Customer request, subject to confidentiality constraints.

9. Subcontractors

The Provider may use subcontractors to provide the Service, provided that such subcontractors are bound by obligations of confidentiality and data protection that are no less protective than those in this Agreement.

10. Termination

Upon termination of the Service, the Provider will make Customer data available for export for a period of [30] days and securely delete Customer data from the Service thereafter, unless legally required to retain it.

11. Liability

Each party's liability, indemnity, and obligations regarding data breaches and security incidents are as described in this Agreement.

12. General Provisions

  1. Modifications: Any modifications to this Agreement must be agreed upon in writing by both parties.
  2. Governing Law: This Agreement shall be governed by the laws of [Jurisdiction/Country].

IN WITNESS WHEREOF, the parties have executed this Agreement as of the Effective Date.

Provider:

By: _______________________

Name:

Title:

Date:

Customer:

By: _______________________

Name:

Title:

Date: