Checklist 5: Web Hosting Agreements Checklist :: Laurence Kaye

CHECKLIST 5 WEB HOSTING AGREEMENTS Hosting services are generally provided by an Internet Service Provider (ISP), either stand-alone or as part of a set of other services such as domain name registration, email forwarding, Internet access etc. In our past experience ISP’s tend to take a “standard terms and conditions” approach but are willing to accept limited amendments to standard terms. The closest analogy here would be a contract for the supply of dedicated telecommunications services such as leased lines or a contract for data warehousing services. The most important aspects of a Hosting Contract are contained in the Service Level section. General Matters 1. The following are general areas to consider and these could form part of the subject matter of any tender documentation: 2. Bundled Services – Often, hosting services are bundled with other services and a business will need to check whether any services such as email forwarding, domain name watching, etc, are provided by the ISP or sub-contracted. If sub-contractors are used, sufficient control over sub-contractor activities is required in the contract. 3. Shared Servers – For a large web site with dynamic content, a hosting company is unlikely to host the web site on a shared server but, if required, this should be stated explicitly in the contract. 4. Compatibility – Ensure that your ISP has experience of hosting the relevant content. 5. Web site operating system – Windows NT or UNIX. 6. Web Server platform – for example Microsoft IIS, Netscape Application Server, Apache etc. 7. Particular features of the Web site: for example any database software or particular Internet technology such as ASP, XML, CGI etc. 8. Use Third Party Information Sources – are any third party (independent) statistics available for service up-times, availability and connection speeds. Reference sites are also a good indicator of ISP performance and reliability. Specific Issues Capacity and Upgrades 9. Ensure that the contract provides sufficient hardware and bandwidth capacity for the web site’s initial and future (say next 6 months) traffic requirements. 10. Upgrade costs should be proportionate and acceptable, some ISP agreements deal with upgrades as a form of early termination with attendant cost implications which should be avoided. 11. The ISP may attempt to contractually force its customer into an upgrade if bandwidth exceeds a certain level; such obligations should be resisted. Costs 12. Bandwidth may be paid for on a fixed or as used basis. As used is probably preferable unless a high capacity on volume discount is available.

Page 2 20 October 2008

13. The ISP should offer a “burst” facility whereby limited additional bandwidth can be made available to deal with peaks in demand; this is useful if traffic volume is unknown or fluctuating. User Rules & Regulations 14. A business’s use of the ISP Services is likely to be made subject to certain rules and prohibitions, the most common of which are as follows: a. no collection, distribution or hosting of content that is defamatory, libellous, obscene or otherwise infringing of any third party intellectual property rights; b. no distribution of unsolicited e-mail – check that this does not cut across any marketing use of personal data collected via the web site; c.

no improper use of domain names or use of ISP Services in contravention of any relevant regulations and codes (these could potentially include ASA codes etc).

Warranties 15. ISPs should be required to warrant service availability and up-time. 16. Businesses may need to warrant that they will: a. not infringe any third party rights; b. comply with any relevant regulatory codes; c.

own any domain names used (in which case it may be necessary to obtain back to back warranties with their domain name service provider).

Liabilities & Indemnities 17. The business will usually be required to give an indemnity for third party claims arising out of a breach of user rules or terms of use. 18. The ISP will usually attempt to limit liability widely and excluded losses may include loss or corruption of data, loss caused by transmission of infringing material, loss of software/hardware, introduction of viruses, etc. The acceptability or otherwise of these matters is, ultimately, a commercial decision for the business. 19. The business’s remedy against the ISP for service failures may be limited to service credits. If so the business will need to assess whether the service credits adequately compensate them for their losses (see section on termination below). 20. If the ISP attempts to include failure of its own computer equipment and/or telecommunications equipment (possibly as part of a force majeure clause) this should be resisted as it goes to the core of the ISP’s performance. Access 21. The business may require remote (and possibly physical) access to the web site and hosting server for the purposes of web site upgrades. If so, contract provisions need to be sufficient for this. 22. Responsibility for web server software updates and maintenance need to be considered – this should be the ISP’s responsibility at the business’s request.

Page 3 20 October 2008

Termination Provisions 23. Any provisions relating to termination for breach and/or notice should give the business sufficient time to source an alternative hosting service provider (at least 28 days). 24. On termination for any reason the ISP should return (or destroy, at the business’s request) its copy of the web site and any other information confidential to the business immediately. 25. The business may require off-site back-ups of the site to be provided as an additional service as this will facilitate moving to another ISP in the event of dispute with the current ISP. 26. The ISP may seek to suspend the service for minor breaches (such as late payment) and if attempted this should be resisted. 27. The business should have the right to terminate the service (on short notice) if: 28. The ISP’s service availability in any particular period is below a certain %; or 29. The ISP repeatedly misses monthly service targets but not in any single month sufficient to allow termination above. 30. The business should also assess the “get-out” costs involved in terminating the hosting agreement immediately. (In the event of serious dispute or technical difficulties the business will want to source a new service provider as soon as possible.) Service Level Agreement (SLA) 31. Service availability should be specifically stated and backed with a warranty – up-times should be in the region of 99% or better. 32. Service credits are often scaled according to extent of downtimes. Below 95% up-time should result in reimbursement of a significant proportion (if not all) of the fees paid over the measured period. If a formula is provided for calculation of credits the business will be able to ensure that sufficient compensation is paid for down-time. 33. Maintenance will be required but allowed down-times and duration for any network servicing and upgrading work carried out by the ISP must be stated and be acceptable. 34. Fault classification is required and will need to be sufficiently detailed as response times will often be linked to the severity of fault. The business should check whether the fault definition includes web site unavailability, declining server response time, loss of web site functionality, data packet loss, etc. 35. Response Times must be on a 24/7 basis as web site unavailability will damage the business and its brand. This is often linked to the fault classification and should be appropriate for the business context. 36. Fault reporting should be provided by the ISP along with monitoring services. These should be adequate for the business’s needs. Laurence Kaye Laurence Kaye Solicitors © Laurence Kaye 2008 T: 01923 352 117 E: [email protected]

Page 4 20 October 2008

www.laurencekaye.com http://laurencekaye.typepad.com/ This checklist is not intended to be exhaustive and it does not constitute or substitute legal advice, which should be sought on a case by case basis. Please feel free to copy or make available this checklist without modification in print or electronic form for noncommercial purposes. If you do so, please include this disclaimer and copyright wording with attribution. If you want to re-publish or make the whole or part of this checklist available in a commercial service or publication, please contact the author at [email protected].