Collaborate on Invoice Terms and Conditions Sample Text for Procurement with Ease Using airSlate SignNow

Invoice terms and conditions sample text for Procurement

and thank you everybody for joining the presentation today again as Mark said I'm Andrew Martin and so should have Scott and Scott and this webinar today is it tend to intend it to be a survey of the various issues that IT procurement professionals and attorneys should be able to identify and manage when negotiating a technology agreement you know at the end of the it's going to take a while to get through all these topics there's a lot to cover I like Lee I don't think I'll have time to answer any questions at the end of the hour but feel free to email me with any questions that you have or you know you can enter them into the little panel on the side here and I'll address those at the end of the presentation via email you can also call me if you got any questions but so we'll start today by discussing the IT procurement agreement types and the various terms that are unique to and important for each will look at hardware agreements we'll look at professional services agreements we'll look at software and outsourced IT agreements once we get through those we'll start talking specifically about the key provisions that are really important for everybody to understand when entering into a technology agreement these are going to include indemnity IP IP ownership insurance and limitations of liability as well as privacy concerns and finally we'll discuss some practical tips when negotiating these contracts that I've found to be helpful to get the best deal possible for you pine-sol we'll start here again like I said talking about the IP procurement agreement types under the hardware agreements we'll talk about traditional asset purchases we'll talk a little bit about hardware leases and then hardware as a service for professional services will be discussing consulting and development agreements when we talk about software we'll look at traditional perpetual licensing we'll look at Enterprise licensing we'll look briefly as software at the service type licensing and server for service provider licenses and finally we'll talk about outsourced IT which is going to include managed service providers and co-locations agreements as we look at these agreements individually I'll briefly describe the general nature of each type of agreement and then also talk about the terms and conditions that are unique to each ok so starting here with hardware there are three types that we're going to cover like I talked about traditional asset purchases which would you know include you know buying servers or desktops or network infrastructure and that kind of thing we'll look at leases where the hardware is returned at the end of the term and software is a service which is traditionally for hosting and servers but now recently has been extended to hardware's of service for desktops and other infrastructure items for your organization's or your clients organizations so when we look at asset purchase agreements you know it's important to understand that this is the this is what everybody is most familiar with probably in the hardware sphere and it's important to understand these are sale of goods contracts so the UCC is going to apply and the UCC is the Uniform Uniform Commercial Code and it has a set of provisions that apply to all of the agreements that fall under its purview unless the parties contractually agree to different terms we'll talk about that a little bit in just a second but a couple of the main terms that we're going to look at here are the delivery terms and risk of life risk of loss terms and these are traditional procurement issues and what you want to do is to make sure that you understand which party is responsible for the goods during shipping who needs to ensure the goods during shipping and whether the shipping dates are material to the value of the agreement so if your client is buying a you know a set of servers that it needs on a specific date for an implementation you want make sure that that day is specifically outlined in the agreement and that it noted that that Davis material to the terms of the agreement at the basis of the bargain and to ensure that the vendor has to perform on that day or else your client could cancel the agreement if you don't do that there are there situations where the vendor has you know a reasonable amount of time to tender the devices and that may injure you and you don't really have much recourse if you don't make it clear and the agreement the other thing that will happen for asset purchase agreements a lot of times is you're going to have related installation services and so the way that these come over to in terms of the contracts the way that these come over to the client are going to be an asset purchase agreement and then a separate statement of work that the vendor is going to deliver that says you know here's the project here's our installation services here's one we'll be there and those kind of things so the problem with that in some cases is that the statement of work doesn't sufficiently provide for all the terms and conditions that you'd normally want to see when a vendor is delivering professional services or having consultants on-site so you want to make sure that when you're looking at the hardware asset purchase and an Associated statement of work that the statement of work includes those professional services terms and agreements their terms and conditions that you'll want to see and we'll talk about what those are a little bit something to be cognitive of four leases you know lease Hardware leases are a great option for companies that have room and their operating expenses budget but don't have as much room and their capital expenditures budget before entering you know before you enter into these agreements whether it regardless of whether it's an asset purchase or a lease you need to be sure that you understand what the hardware refresh rate is so as the attorney or the IT procurement professional you want to make sure that you understand and have consulted with your technology so to understand how long you expect for those those particular Hardware items to last and how long you think that they'll be valuable to the company and in the lease situation then you want to make sure that the term ties to that expected life of the hardware and so I have on here also hardware disposal at least and that's a beauty of the lease is that you give the hardware back you don't have to hang on to it or otherwise dispose of it but you want to make sure that that's set out in agreement as well the there's a process a procedure to go through to get that Hardware back to the vendors the next item here is hardware as a service this is a derivation of the hardware lease agreement it essentially will combine the benefits of you know your operating expenditure versus capital expenditure analysis that we talked about under leases and then it bundles that with a utility billing model under which your client will only pay for the hardware that it uses so instead of leasing a bunch of servers and maybe not taking advantage of the full capacity of the servers because you know your business you've sort of leased more capacity than what you need to take into account your need to expand at some point in the future under hardware as a service you're only ever paying for what you use so your expansion not you're not having to fund the expansion that's front and fees under a hardware as a service hardware as a service agreement are typically going to be recurring monthly fees and a particular concern to these kind of agreements are you know where you have recurring monthly fees you want to have price protect pricing protections to limit the amount that the fees can be increased at the end of the initial term you're also going to want to talk about we talked about capacity a little bit you want to make sure that you have capacity guarantees in place on these kind of you want to ensure that the vendor has enough excess capacity to handle your projected usage not only over the initial term but you know well into the future if possible this is because you know obviously they're switching costs that have to move from one provider to another and if your provider can't guarantee or otherwise assure you that they're going to have enough capacity to meet your needs well into the future it may not be a good fit the other thing is that you need to look for and we're going to talk about these alive but it it comes up over and over and through the course of dealing with these kind of contractors and service level guarantees or or generally you're going to see those in a document called the service level agreement or SLA and depending on you know we'll talk about what NSO like some of the details of an SLA in a little bit but essentially you know look at how critical the hardware is to your clients business for these kind of hardware the service agreements and where the hardware is very critical and it's you know something that's important to carry on the clients business you are going to need to make sure that you have an ironclad service level guarantee in place with respect to server uptime otherwise with respect to availability those kind of things we'll talk again like I said about SLA is a little bit later on today so the next slide is we're going to discuss professional services agreements and when I'm talking about professional service agreements here I'm specifically talking about project based work and what you'll see when you're looking at the agreements are sent over by the vendor is the master services agreement and individual statements of work that essentially hang off that master service agreement and define the projects there is a beach performed today we're going to look at specifically consulting and custom development agreements so the big issue under consulting and actually it the customs development as well as the issue that I'm sure everyone's familiar with here is the idea of scope creep and scope creep is when you know scope creep occurs when the statement of work doesn't adequately set out the deliverables and milestones on a particular project a lot of times you'll see statements work come across or proposals from a vendor that excuse me don't have really much if any specificity as to what the projects going to look like what the timelines are associated with the project how the you know who the responsible parties are for each particular item where you don't have that definition that specificity and if they want to work you can almost guarantee that you're going to be your clients going to be the victim of a project that suffers from scope creep again that's just the thing that works just too vague and so what you want to do is to make sure that when you're looking at these agreements that there is enough oversight built into the project by you know those who are going to manage the high end the manage the project from a high level and then also make sure that you've assigned responsible project managers and that should all be defined in the statement of Ward's another issue to look at when you're looking at statements of work are how to replace team members from the vendor side you're not getting the job done first thing you need is their right to replace a team member your reasonable discretion or your clients reasonable discretion they should have that ability and then you know secondarily to that you need to require that the vendor replaces replaced a team member with an employee or a contractor that has you know at least equal to if not greater experience than the replacement member so you don't want to get somebody in there that isn't capable and it's a good idea to have these kind of terms in these in the agreement the other thing I have on here is just kind of a general thing but something that you know can prevent some hurt feelings down the road or some disputes as to expenses just make sure that the that the client is only on the hook to pay for pre-approved expenses when we're looking down the road at custom development developer agreements the big issue in these agreements is IP ownership we're going to talk a little bit more about IP ownership later but there are some things that we should highlight at this point a lot of times when you're looking at development agreements if it's a custom sort of project to develop software for your clients many times the vendors default agreement that it's going to present to you will say that it owns the code so they don't whatever code is develops and you know the default position for the vendor and can be understandable from their perspective but obviously from the clients perspective this is problematic for a variety of reasons but the most common sense reason for you to argue this point is that your clients paying for this work so to the extent that they're paying for the vendor to perform this work to develop this code for them your clients should own it that's pretty simple and in my experience the best way to address this issue is to you know a lot of times the vendor is gonna say well we can't really separate or identify what is we're doing for you that you're paying us to do that the client is paying us to do and what we have brought to the table and so you know we'll talk about this again a little bit but you know what what it comes down to is saying that anything that they bring to the table maybe in the vendor belongs to them and anything that they've developed the vendor develops under your clients agreement belongs to your clients sometimes this this still won't work this argument really doesn't work in some cases where the custom work is related to building an integration piece from software that you have already installed that is owned by the vendor and the vendor is going to custom develop an integration piece that will link to another system that your client has on this network and the vendor intends to use that integration piece as a product enhancement going down the line if that's the case and it's not something that you that the parties can really come to terms on whether or not the client is going to own it then the way that you can work around this is to give your client a perpetual worldwide license to the code that's being developed if it's paying for and included in that license would be the right to access the code underlying code and use and exploit the underlying code in any way within its own organization the next topic is software licenses software licenses come in a variety of forms to address a wide range of circumstances obviously from traditional perpetual software licenses that talent individual users or installation to enterprise or estate these licenses that allow an organization to as many licenses as it needs to software as a service model which we sort of talked about if this is the precursor to the hardware as a service model we discussed earlier which is essentially a utility based software model and then there are also excuse me service provider licenses which allow your client to buy the right to provide the publishers software as a third party so starting with traditional software licenses there are two things that you want to understand when you're looking at any software license and we're starting with traditional the two things are what are the use right and how do you count your deployments so how do you count the number of installations or lie that you've been that you've used and that are on your clients network you know back in the day an office elf software package was pretty easy to count essentially you buy a package of software Microsoft Office you it on your computer and you have that one license to use with that one computer and it's straightforward there's not a whole lot of need to interpret the license agreements but even now with those products as simple products you'll find that publishers Microsoft is one a lot of others are giving you the ability to that one fully packaged product on multiple computers you know subject to some restrictions but you know one box one license can now be installed on a number of machines and Counting becomes even more complicated for enterprise licenses which we'll discuss a little bit but so you need to know where you're allowed to use the software and how you are supposed to count it and that takes a really careful understanding of what the licenses and an understanding of how your client likely to deploy the software the next issue to understand on traditional software licenses or really any of these other ones as well our vendor audit rights and it can be a real big deal vendors generally are going to want the right to audit at any time and to will want to transfer the cost of the audit to the customer that's obviously not a good position for your client the best agreements from purchaser perspective allow you know first of all only periodic on it so that be like once per year or wants to return of the license or even less if you can do it and then the other thing that you want to look for from your clients perspective is a provision that permits the customer to choose to self on it and self report as opposed to letting the publisher or more traditionally a third party auditor on site that can get really hairy to get really expense if you want to as the client control the information as much as possible and be able to look through and interpret your installations in your accounts on your own without without having a third-party auditor there too to put their own spin on what the counts look like for enterprise and site based license that's what we're talking about here is where a company purchases one license or you know finds one agreement essentially and is not limited in on the number of installed instances their users for that software when I say not limited that's not exactly correct it's they are not limited in the short term to or otherwise deploy the software on their network but these licenses are generally going to come with a periodic what they call true of obligation which means that you count your deployments and you submit the number of deployments that you've had over the preceding period to the publisher and you pay some amount that's commissioner with the number of additional deployments that you have installed on your network what this does when it works well is allows a company to it gives easier for that organization then to manage their deployments because they're not having to buy software ad hoc that they can roll they can just deploy the software as it's needed and then have one event every period - to handle the actual orders what you need to be concerned about here are the soft cost associated with complying with the treu up requirements so if the true up if the license isn't carefully drafted and doesn't actually take into account the way that the software is going to be used or deployed on your network on your clients network then what would happen what happens is that you have situations where these true up obligations become very difficult to comply with it takes a long time for your organization to count your deployments you're not real sure about the results that you're getting you don't have a good asset management system in place or the deployment counting method doesn't actually match the way that your client is going to use the software so it can become very expensive just internally to comply with true-up requirements and if you're not careful what happens is you end up eating whatever savings eating up whatever savings you got from signing on with the enterprise license agreement to begin with so again counts are very important that how to account is very very important for software licenses under the software as a service model is a pay-as-you-go pay for usage type of model generally the data is stored on the vendors or its subcontractors servers so agreements really need to include insurances that's the data privacy and security that are appropriate for this particular application that you're using you're also going to look want to look for cyber liability coverage and the vendors insurance requirements both these points we're going to get to and a little bit and I'll talk with talk about them in more detail but those are the things that are important under a software-as-a-service model the last bullet point here is to talk about service provider licenses similar to the size model only your client is acting as the service provider and it's your client is sitting between the publisher and the end-user so your client is the service provider is required generally under these agreements by the software publisher to do a couple things one is to you know again back to the counts count the number of software instances that have been deployed to the end-users and also the server or the publisher is going to require your client to ensure that end-users are complying with the publishers licenses I see a lot of service providers that don't fully understand their obligations with respect to counting the deployments these these agreements can get very very complicated and when you especially when you get into virtualization and clustering and different ways to increase the efficiency of the hardware that you have that's delivering the software counting becomes really difficult especially if you don't understand the technology well so it requires a really concerted effort between the IT professionals with your client and you know the lawyers or procurement folks to work together to understand what the true up obligations are and those are going to come in a service provider License Agreement those tree up obligations are generally going to come on a monthly basis so you really need to stand up the process does a very good job of counting and keeps you in compliance the next type of agreement that we'll talk about or outsource IT agreements and they're similar to and really can be considered a subset of professional services agreements we're going to talk about a couple different kinds here the managed service providers and colocation agreements so what a managed service provider is or we call them MSPs they're MSPs are companies that handle much of the IT support and services for your organization for your client this includes management and monitoring of servers and desktops handling you know end-user support requests troubleshooting sometimes maintenance there's a host of different types of services that can be offered and this sort of brings us to the first point here under the MSP heading which is specify responsibilities when you're looking at the MSP agreement that they that the vendor gives to you you want to be sure that your client understands which services are specifically included in the agreement there will generally be a laundry list of services that the vendor is intending to provide and they should be carefully set out and delineated with the with the server the MSP is also going to do is to set out those servers that are not included that are specifically included from the service offerings and what you want to do here is to make sure that there's not an exclusion and that excluded services list that swallows all the included services so for example sometimes the vendor is going to have a excluded item that says something like the vendor is not responsible for server downtime caused by factors outside of its control factors outside of its control is way too broad for that to be included in in the agreement the whole idea the reason why your client is getting a managed service provider in the first place engaging with one is because it doesn't want to handle factors outside of its own control and so it's paying off floating that risk to the MSP to do that you want to tighten up that language if the exclusions are very broad again back to the service level agreement or SLA this is important here and MSP agreements that the MSP defines the agreed service levels which would include you know server uptime for MSPs you're going to get a service level or you should see a service level for trouble ticket response terms those are things that are really important to get set out in the SLA and and not only should there be guarantees there should be they should also set out what happens when those guaranteed levels aren't met so the vendor needs to generally is going to give your client a service credit to be applied to you know your clients next month's bill and the event that they failed to meet their service levels what you want to do here is make sure that those credits are meaningful to the vendor and they're painful enough to incentivize the vendor to to actually meet it's guaranteed service levels the other thing that you want and this kind of an agreement is the termination for cause or for cause provision most of these vendors will most MSB is that nearly all of them are going to attempt to lock your client into agreement into an agreement for a specific term and by locking it and then they're going to include a penalty for early termination that would this way because the customer from doing so I'm terminating early what you want to do is ensure that your client has a termination for cause provision that's tied to repeated or chronic failures to meet the guaranteed service levels this termination for cause provision should allow your client to get out of the contract without paying that early termination fee and again tie that back to the SLA say in the SS say that if they failed to the vendor fails to meet its service level guarantees you know five times over two months or seven times over three months and your client has a way out of the agreement without paying that early termination penalty the next item here is collocation agreements this is company owned equipment client owned equipment that is running in vendor owned rackspace so what these agreements are for and generally the rackspace is going to include redundant power physical restrictions on access disaster recovery and disaster prevention system and so the agreements are going to need to include again an SLA that provides for service levels for all of those particular services and failures to meet those service levels are something that you will want to receive credit for make sure your client receives credit for the other thing is here again similar to what we talked about earlier with hardware as a service in fact these fairly closely related type of agreements it's that you want to have guarantees as to the environments expandability to meet your future needs so it's the same analysis that we did under hardware as a service you want to do that here and I'm sure that there's a capacity future capacity guarantee and the agreement that meets with what your projected growth plans are okay that's it for the types of agreements the next thing that we'll talk about here are the key provisions to look at and this section will take a look and take a deeper dive on some of the more important provisions to understand when negotiating these agreements including as you see identification IP ownership insurance and limitations of liability and privacy concerns and as we look at each of these provisions I'll talk about the types of agreements that that particular provision is especially important for alright so we'll start here with indemnification for anybody who's not comfortable with how indemnification provisions work they're basically an obligation on one party in our case it's going to be the vendor to act on your client's behalf when a third party asserts some claim against your client and that claim is based on something for which the vendor is responsible and when I say that the vendor is obligated to act on your customer on your client's behalf what I mean is that the vendor you know generally what that means is the vendor will pay they cost pay for the costs associated with defending the claim which would include legal fees and damages and and most standards and limitation provisions in addition to those two things legal legal fees and damages I also recommend being more specific as to the other potential costs for which the vendor may be responsible that would include things like investigative fees or audit related fees this is really important in software as we discussed software contracts Sabina subpoena and witness cause and punitive damages again punitive damages can come up for infringement matters so you want to make sure that those are included as well so that's just an overview how indemnification works so back to the actual events that can trigger an indemnification obligation we are primarily concerned with here one negligence and willful misconduct on the part of the vendor and two IP infringement the negligence issue applies you know pretty much across the board to any of these agreements where the vendor the vendors required to identify your client for anything that any claims that arise because of their negligence you know sometimes that's not going to be included in the indemnification provision but when when you add it in in a red line and pass it back it's really hard for the vendor to argue that that's not a reasonable position to take but the big issue here is IP infringement this is what we're primarily concerned with an indemnification under you know technology contracts so what we're saying here is that the vendor is when the vendor is delivering some sort of technology and it doesn't really even necessarily need to be technology it can be documentation or user manuals of that kind of thing but if they're delivering some sort of IP they can be custom or off-the-shelf software it can be hardware again like I said user manuals etc you want to ensure that the vendor is going to defend your client for any infringement actions brought against your client by a third party based on the use of that IP that was delivered by the vendors there are a couple things to think about here that's pretty basic a couple of things to pay attention to just kind of the specifics is that there's there a couple ways that you can get this this indemnification provision worded one would be that the we'll indentify your client against all worldwide intellectual property claims this is obviously the better position for your client but you're going to see some reluctance on the part of particularly like software publishers to provide that kind of the that kind of a worldwide intellectual property protection their argument is that they can't control or monitor or otherwise analyze all registered IP across the world so they can't be held responsible for some party in China for instance he says that their software infringes on the Chinese companies IP you know this is this is an argument that I have over and over I don't necessarily from the clients perspective agree with it it's going to be sometimes difficult for you to convince the vendor otherwise but I will tell you that generally speaking if your client is a larger specifically and especially if it's much larger than the software publisher then you will need to demand that you have worldwide IP protection and the reason is is because the reason your clients going to get sued is because your client has deeper problem pockets and the publisher if your client is relatively small compared to the publisher the third party is going to look instead to the publisher if it has a IP infringement claim as opposed to your smaller client so it kind of depends on the relative size of the publisher to your client to determine whether or not you know these kind of provisions worldwide versus US or other regional IP protection is something that's important the other thing to look at is to ensure that your clients getting IP protection against all intellectual property rights a lot of times you'll see the vendor paper says that it's only going to protect you and indemnify your client on claims arising from copyright or patent infringement it's a better practice if you get it - trademark and trade secrets included in the indemnification provision the next topic here is IP ownership these provisions aren't necessarily just going to be located in one specific place and an agreement that's important to understand you'll have to look through the agreement and looked at different parts of the agreements of find the areas where intellectual property ownership is implicated but when we're talking about ownership of IP in this context generally we're looking at two specific types of IP one and we've touched on both of these already one is the IP that's developed by the vendor for the customer that can be custom code website content graphics patentable inventions written documentation etc there's a lot of things that would be considered IP that the vendor can develop for your client the other is your clients data that it brings to the engagement that is stored by your client on the vendors systems so if you're when we're talking about cloud-based software as a service based service offerings it becomes very important to understand what the obligations are and ownership rights are with respect to that data so starting here with the first bullet that says you own what you bring we own what we pay you to build we talked about that a little earlier it's a very fair place to start from the from when you're talking with the vendor and you're negotiating you know who owns what that is the best place to get started that means the vendor owns that spend their materials which we talked about code snippets frameworks functions whatever it brings with it and the customer owns its owns all the work well the customer owns everything it brings to the table plus all the work that the vendor performs that the customer pays us to do the thing to be pay particular attention to here is to make sure that if you get this deal that you own the vendor work then you need to make sure in the agreement that the vendor work is defined as a work made for hire that is owned by your client under the relevant copyright and patent provisions the default position of the law is to say that your that a independent subcontractor owns the intellectual property on any work it develops and is paid even if it's paid for by a third party so default position is the vendor would own it you need to make sure to override that with specific language that says the work is a work made for hire under the relevant copyright or patent framework next bullet point here is you own your data this is where I'm talking about customer data that's stored on a on the vendor systems where you need to make sure that the agreement retains all rights to the data to your client and you know there there can be some issues here that's a simple easy way to start is that your client owns it right make sense the the issues come or arise here where the vendor needs to access the data because maybe it needs to analyze the data or perform you know some other sort of compilation of the data as part of the service that it's offering to your client so if that's the case if the vendor is going to have some access to the data it's a good idea to have a specific license look set out in the agreement that defines what that type of use is and for the for the vendor to access your customers data and sets out that it's a limited use license and then it's only good for the period of time that you know the term of the agreement etc and then a really big issue here I'm really important to get into these agreements is an effective termination clause so to the extent that your customer or your client is storing its data the vendor systems you want to ensure that that data gets back to your customer as your client ad terminations and terminations should be expanded to include termination of the agreement for any reasons sometimes you'll see these vendor agreements that say they'll give the data back you know provided there isn't a dispute over fees or provided the current the agreement wasn't terminated for arising from you know your clients breach not acceptable neither one of those are acceptable you need to get that data back that data needs at your data no matter what the reason for the for the termination you get it back there's no holding hospital data the other thing that you want to do is make sure that you get the data back and usable format not in a you know a bunch of reams of paper or printed out a database printed out to PDF or something like that it needs to come back to you in a usable format ok the next topic is insurance and limitations of liability generally speaking we like to make sure here make sure that the these two provisions insurance and limitations of liability dovetail with one another it's a practice that gives the client the benefit of the proceeds of the insurance coverage made available to the vendor as we'll discuss in a little bit but first let's talk about the actual let's start with insurance and then we'll discuss how it integrates with limitations of liability so generally you're going to require well general liability insurance everybody's pretty familiar with that it covers bodily injury and property damage really important if you're going to have your vendor is going to have its consultants on-site that kind of thing next one you want is you know which is errors and omissions or professional liability sometimes your as professional liability coverage this coverage covers losses arising from the negligence of the vendor when the vendor is delivering professional advice or services again important for especially you can understand for professional services agreements you know as a requirement for the vendor the third thing here is cyber liability we've touched on it earlier let's talk about it a little bit in more detail here cyber liability generally what it covers are the cost associated with breaches of security or data so the least cost would include breach notification cost and media liability coverage those kind of things and so let me give you an example so where your client has personally identifiable information or referred to as PII that it that it's storing or is being accessed by a vendor and that PII is subsequently leaked there are state and federal laws that may require you to notify each individual whose data has been compromised that can be a big big expense if you're talking about a database of five or ten million records that has been compromised so cyber liability coverage what it does is steps in when that happens and helps to mitigate against that risk and really needs to be a requirement and those engage and those engagements that implicate sensitive informations so once you have the policies set out the required policies you want to make sure that you have policy limits that make sense with respect to the types of services being offered or the data being transferred transmitted or access to do this that requires taking into account the nature of the data being stored you know is it PII that could trigger a notification requirement or you know you need to also look at the volume or or the criticality of the work that's being performed the more critical work the higher the limits probably this requires a pretty in-depth internal discussion and generally if you're going to go with high limits it's going to increase the cost of enters going to want to increase the cost of the services to you to help defray that cost for upping their limits if you're if you're going beyond what their standard limits are so once you've got the proper coverages and limits in place the customer will want to ensure that it can access the proceeds that are available under those policies and the event one of them is triggered and here's where we get to the dovetailing so under a typical ITA agreement the vendor is going to limit its liabilities to the amounts paid by the customer a lot of times it's going to say something like it's liability is limited the exposure under this Agreement is limited to the fees paid by the con the customer over the previous calendar year and what we like to do instead of having that artificial limits after the fees paid under the agreement is to set liability limits to the dollar amounts available under the applicable insurance policy so to the extent a policy is triggered because of bender wrongdoing the customer then has access to those funds that are available under the policy you'll get a lot of pushback here this is something that we've seen a lot more recently and have been doing it for quite a while a lot of vendors don't really understand what what is going on here and what they see this as is so say they have a million dollar coverage limit what they see this as if you put this language and the agreement is that you are giving your client the right to access a million dollars in case insurance has triggered and that's not the intent and that's not how the language would be interpreted what that the client still has to show that and damage and it's only going to get the amount up to whatever amounted has been damaged so if it's been damaged by five thousand dollars then that's all it's going to get out of that insurance policy all we're doing here is not setting an artificial limit that is well below what might be available to the vendor to defray the cost associated with its wrongdoings so depending on the bargaining position and sophistication of the vendor you know you may have more look excuse me you may have more luck with this approach in one instance than another but it's fair and something that we try to put into most of the agreements that we negotiate the next issue here is privacy concerns so if we've hit on this a lot it comes up a lot throughout the presentation but here we'll look at other ways to protect the available ways to protect your clients data within the framework of these IT procurement agreements so the first thing you want to have is a solid confidentiality agreement in place and there's a lot that goes on with the confidentiality agreement but one thing I want to highlight for everybody here is that when looking at those agreements you want to make sure you want to pay close attention to how confidential information is defined a lot of confidentiality provisions or agreements will say that confidential confidential information is defined as information that or documents that are labeled as confidential that's in practice really not very helpful at all most of the day that it gets transferred back and forth between your client and the vendor is not going to have a label of confidentiality or confidential information on it so the better position to take in the better language to use this language of confidential information is defined as information that should be reasonably construed as confidential at the time of the sharing of the information something to that effect so that you take away that straight to labeling requirement because there really in practice doesn't work second thing to really understand what negotiating technology agreement and trying to protect your client data is to understand what kind of data will be accessed or stored talked about that a little bit you need to know what data is at risk so is the data PII something we talked about well I didn't really talk about what PII is it's generally defined as information that can be uniquely identified to an individual so the the actual definition varies from statute to statute but it's all pretty pretty well related to that general definition and it can include something like a record that has a name a full name person last name and then it can be reconciled to a driver's license number so having both of those pieces together with be considered personally identifiable information thing goes with like credit card numbers and those kind of things there can also be you know the data can also contain medical information that implicates HIPAA rules or the data is implicates the FTC's identity pastor red flag rules you may be processing credit cards obviously you've got PCI compliance issues these issues need to be well understood prior to entering into any and greet' agreement involving this kind of data so you really need to understand what the data is next you'll want to ensure the vendor is obligated to comply at all times with the relevant data protection statute and you do that by stating it explicitly in the agreement you know where you know that there are particular statutes and rules that are more relevant so the kind of data that you're talking about then make sure that those statutes and rules are included in the agreement and that the vendor you know agrees to comply with where appropriate it may also be helpful to require the vendor to provide a specific contact within its organization that handles privacy and security related inquiries so having that contact set out in the agreement will go a long way to help you manage a situation where there's a data breach event you'll know who to contact with the vendor and that person should have the expertise necessary to help you navigate the sometimes painful waters that are associated with a data breach event so if you do these things hopefully they won't be quite as painful then you'll want the vendor to warranty that it's taking steps to protect the data and that includes a warrant that it will maintain all appropriate technical physical and organization organizational security measures those are the three sort of prongs of security information or data security technical security being like having the data encrypted physical security means like locked cages lost access to office buildings those kind of things and then organizational security would be processes and procedures in place to deal with data breach event so you know where you need it where you're talking about really sensitive or data that is subject to you know some of these rules and you're going to want to ensure that the agreement has all of these things in place and finally like we talked about cyber liability coverage make sure they have it if you've got any kind of data that has any kind of sensitivity like what we talked about here look for data cyber liability if the vendor doesn't have it look somewhere else or tell the vendor to get it that's just it's it's what you need to do in these cases oops okay so the last slide here is negotiation strategies you know these are things that I use when I'm negotiating these kind of agreements there are any number ways to approach a negotiation obviously for these kind of contracts but the approach that I like best is the one that keeps everybody in the positive mood and works towards terms that are beneficial and fair to both parties not trying to fleece the vendor just trying to be fair and protect the client and the strategies that I've found to be the most successful when negotiating these agreements are the ones that set expectation upfront and you know this goes for both parties actually so a lot of times your client doesn't really have an expectation set or doesn't fully understand the process of the negotiation and what you're going to be asking for in the negotiations and that is generally the fault of counsel if you're not communicating to the client what are the things that are important or what you consider to be important when the clients trying to get into an engagement for one of these kinds of agreements then the client can be surprised in a bad way as you move towards resolution and final negotiation on the deal and you're bringing up issues that the client really didn't consider and properly and probably did not certainly didn't convey to the vendor as being an issue and now the clients in a position to look at the vendor and say hey man I didn't know that these things were important sorry we didn't talk about them earlier you know so the good first step and it's not really on the spot but the good first step is to make sure that you and your client really understand what terms are important in these kind of agreements again the goal is here to reduce the likelihood of either party assuming a defensive position that would you know otherwise impair the process of the negotiations as it moves towards conclusions all of these items that I have outlined here are really things that happen at the beginning again talking about setting expectations that means before you get into the nitty-gritty of the negotiation which how that occurs really has a lot more to do with the various parties and their positions and that kind of thing and there you know bargaining power the things that you can control at the outset are things like the first bullet point here sending out an RFP with your organization standard terms and conditions what that does is you know clearly that acclimates the vendor to the idea when they're you know putting together their proposals they understand what terms and conditions you're looking for in the extent that you're looking for let's say insurance provisions that are beyond what are their standard insurance policies then they can understand that okay if I really want this business then I'm going to need to consider and talk with my insurance provider consider upping my limits and you know where they need you they can roll that they can roll that cost back into the their proposed pricing for the client much easier for the vendor to do that on the front ends and to do it at some later day as the negotiations unfolds so where you have where your client is sophisticated enough and has the capacity to have RFPs that have standard terms and conditions is a great way to get the the negotiation started off off on the right foot second when I'm talking about I'll talk about is really the third bullet point here it's related to that first bullet point well you know your why your clients still in the solution comparison phase it's a really good idea to ask for the vendors standard paper to review so you can get a feel as your client is looking at the technology available from that particular vendor vendor and sort of analyzing it and determining whether or not it fits its needs you can be looking at that point at the terms and conditions and a lot of times you can determine you know how how well this vendor may fit into what you're trying to do but based on the terms and conditions that they have you can tell whether the vendors sophisticated has all the proper insurance in place and understands the intellectual property rights you can tell a lot of that stuff by the license or agreement that they provide to you and in doing that you may have some insight as to which vendor would be the more appropriate choice I'm not saying that this would be the primary decision factor from one vendor the other but it's good information to have up front and finally and this one is the kind of the best one and least used as far as I can tell that may not be true but it's definitely one that's the most effective is to prepare the vendor for negotiations by requesting an editable copy of their standard paper at the beginning of the agreement don't do it towards the end do it at the beginning the vendor then knows ok we're gonna we're gonna have to review this the terms and conditions we'll have to get the vendor has to get their counsel involved and that kind of thing it is goes a long way to preparing everybody for the fact that we're going to talk about terms and conditions and this is something that is important to the clients so that's it I appreciate everybody joining the call today I hope you found some nuggets of information in here that were helpful to you and that can be helpful to you moving forward like I said at the beginning if you have any questions feel free to email them to me my contact information is here on the screen and for those of you that are waiting for the CLE information let me pull that up and I'll get that out as well