B a severity 4 issue gets a faster response time than a severity 1 issue). Of course, fixing the problem should be part of the response to the reported problem. Therefore, the SaaS agreement should set an agreed deadline for the provider to resolve an issue. As with the response time clause, fixed time clauses can impose a faster processing time for more serious problems compared to less serious problems. You can see that their clause simply states that the «IP rights» remain the property of Xero. Subsequent parts of Xero`s «IP» clause process user data and not Xero`s IP, as user data is entered into the Xero platform in the form of accounting information in order for it to function. 5. Security and Data Protection – How does a SaaS provider protect customer data and respond to security breaches? These scenarios should be set out in the SaaS agreement. These clauses generally stipulate that the supplier has security measures/systems in place (and that the security measures/systems comply with current legislation). In addition, the clauses should stipulate that the customer must be informed without delay of any infringement. In some cases, customer data may be accessible to the third party. In this case, agreements must be concluded with these third parties so that the third parties have security measures/systems in accordance with the security measures/systems of the saaS provider or beyond these systems.