A Guide to IT Contracting: Checklists, Tools, and Techniques


Collecting Basic Deal Information
  Checklist
  Overview
  Key Considerations
  Performance
  Intellectual Property Issues
  Personal Information Privacy and Security
  Information Security
  Other Unique Issues
  Summary

Software License Agreements
  Checklist
  Introduction
  Four Critical Questions
  License and Restrictions
  Acceptance Testing
  Third-Party Software
  Fees
  Warranties
  Indemnification
  Limitation of Liability
  Specifications
  Confidentiality and Security
  Maintenance and Support
  Announcements and Publicity
  Term and Termination
  Additional Contract Terms
  Summary

Nondisclosure Agreements
  Checklist
  Overview
  Key Considerations
  Essential Terms
  Additional Considerations
  Summary

Professional Services Agreements
  Checklist
  Overview
  Key Considerations
  Essential Terms
  Term and Termination
  Acceptance Testing
  Personnel
  Subcontracting
  Warranties
  Indemnification
  Limitation of Liability
  Intellectual Property Ownership
  Change Order
  Confidentiality and Information Security
  Force Majeure
  Nonsolicitation
  Insurance
  Fees and Costs
  Relationship to Other Agreements
  Summary

Statements of Work
  Checklist
  Overview
  Essential Terms
  Scope of Work and Business Requirements
  Technical Environment
  Acceptance Testing
  Deliverables
  Documentation
  Roles and Responsibilities of the Parties
  Project Management Processes
  Issue Resolution and Escalation Procedures
  Risks
  Pricing and Cost
  Service Level Agreements
  Change Orders
  Summary

Cloud Computing Agreements
  Checklist
  Key Considerations and Essential Terms
  Service Levels
  Uptime Service Level
  Response Time Service Level
  Problem Resolution Service Level
  Remedies for Service Level Failure
  Data
  Data Security
  Disaster Recovery and Business Continuity
  Data Redundancy
  Use of Customer Information, Data Conversion, and Transition
  Insurance
  Indemnification
  Limitation of Liability
  The Limitation of Liability Should Apply to Both Parties
  License/Access Grant and Fees
  Term
  Warranties
  Publicity and Use of the Customer Trademarks
  Notification for Security Issues
  Assignment
  Pre-Agreement Vendor Due Diligence
  Summary

Click-Wrap, Shrink-Wrap, and Web-Wrap Agreements
  Checklist
  Overview
  What Is a “Shrink-Wrap” License?
  Products Purchased under Shrink-Wrap Agreements—Common Elements
  Methods of Purchasing Shrink-Wrap Products
  Typical Shrink-Wrap Terms and Conditions
  Key Risks of Shrink-Wrap Products
  Mitigating Risk
  Summary

Maintenance and Support Agreements
  Checklist
  Overview
  Scope of Support and Maintenance
  Predictability of Fees
  Support Not to Be Withheld
  Term
  Partial Termination/Termination and Resumption of Support
  Specifications
  Availability
  Support Escalation
  Service Levels
  Summary

Service Level Agreements
  Checklist
  Overview
  Service Level Provisions Commonly Found in the Terms and Conditions
  Root Cause Analysis, Corrective Action Plans, and Resolution
  Cost and Efficiency Reviews
  Continuous Improvements to Service Levels
  Termination for Failure to Meet Service Levels
  Cooperation
  Service Level Provisions Commonly Found in a Service Level Agreement or Attachment
  Measurement Window and Reporting Requirements
  Maximum Monthly At-Risk Amount
  Performance Credits
  Presumptive Service Levels
  Exceptions to Service Levels
  Supplier Responsibilities with Respect to Service Levels
  Additions, Deletions, and Modifications to Service Levels
  Earn-Back
  Form of Service Levels
  Summary

Idea Submission Agreements
  Checklist
  Overview
  Key Risks of Submissions
  Essential Terms
  Beware of Reverse Submissions
  Summary

Joint Marketing Agreements
  Checklist
  Overview
  Key Considerations and Essential Terms
  Determine the Scope of the Engagement
  Marketing Obligations
  Referral Arrangements
  Confidentiality
  Intellectual Property Issues
  Warranties and Disclaimers
  Term and Termination
  Summary

Software Development Kit (SDK) Agreements
  Checklist
  Overview
  Key Considerations and Essential Terms
  Scope of License
  Ownership
  Confidentiality
  Compatibility Testing
  Support
  Warranty Disclaimers
  Limitations on Liability
  Indemnification
  Acquisition by Federal Government
  Term and Termination
  Summary

Key Issues and Guiding Principles for Negotiating a Software License or OEM Agreement
  Checklist
  Key Issues and Guiding Principles
  Initial Matters
  Scope of License/Ownership
  Pricing
  Audit Rights
  Limitations of Liability
  Warranties
  Support and Maintenance; Professional Service Rates
  Payment
  Term and Termination
  Infringement Indemnification
  Summary

Drafting OEM Agreements (When the Company Is the OEM)
  Checklist
  Key Issues and Guiding Principles
  Determine the Scope of the Engagement
  Customer Terms
  Hardware Products
  Exclusivity
  Supplier Product Changes
  Support and Training
  Confidentiality
  Intellectual Property Issues
  Warranties and Disclaimers
  Limitations of Liability
  Indemnification
  Term and Termination
  Summary

Original Equipment Manufacturer (OEM) Agreements
  Checklist
  Overview
  Key Contracting Concerns from the Perspectives of Both Parties
  Summary

Health Insurance Portability and Accountability Act (HIPAA) Compliance
  Checklist
  Overview
  Key Issues and Guiding Principles
  Who Are BAs?
  What Can Happen to BAs That Fail to Comply with HIPAA?
  BA Requirements under the Security Breach Notification Requirements
  BA Requirements for Compliance with HIPAA Security Rule
  Statutory Liability for Business Associate Agreement Terms
  BAA Compliance with HITECH Act Requirements
  Other HIPAA Requirements
  Steps for Compliance for Breach Notification
  Steps for Compliance with HIPAA Security Rule
  Additional BAA Terms
  Considerations for Inventory HIPAA-Related Policies
  Summary

Reducing Security Risks in Information Technology Contracts
  Checklist
  Best Practices and Guiding Principles
  Trade Secret Considerations
  Copyright Considerations
  Joint IP Considerations
  Policy on Embedded Open Source
  Internal Procedures
  Policies Following Infringement
  Employees
  Employee Training and Communication
  Contractual Protections
  Nonemployees and Subcontractors
  Software Distribution
  Object Code vs. Source Code
  Language for License Agreements
  Nondisclosure Agreements
  Audit Rights
  Foreign Jurisdictions
  Source Code Licenses
  Escrow the Source Code
  Language for Source Code License Agreements
  Summary

Website Assessment Audits
  Checklist
  Overview
  Key Issues and Guiding Principles
  Evaluate Your Website
  Domain Names
  Use of Third-Party Trademarks
  Hyperlinks
  Content
  Visitor Uploads
  Applicable Internet-Specific Laws
  Terms and Conditions
  Data Security and Privacy
  Insurance
  General Considerations
  Summary

Critical Considerations for Protecting IP in a Software Development Environment
  Checklist
  Overview
  Key Issues and Guiding Principles
  Vendor Due Diligence
  Treatment of Data
  Physical Security
  Administrative Security
  Technical Security
  Personnel Security
  Subcontractors
  Scan for Threats
  Backup and Disaster Recovery
  Confidentiality
  Security Audits
  Warranties
  Limitation of Liability
  Termination
  Security Breach Notification
  Insurance
  Destruction of Data
  Additional Considerations
  Summary

Transactions Involving Financial Services Companies as the Customer
  Checklist
  Overview
  Three Tools for Better Contracts
  Key Considerations
  Summary

Source Code Escrow Agreements
  Checklist
  Overview
  What Does It Mean to Escrow Source Code?
  Types of Escrow Agreements
  Release Conditions
  Key Issues for Escrow Agreements
  Summary

Integrating Information Security into the Contracting Life Cycle
  Checklist
  Overview
  Due Diligence: The First Tool
  Key Contractual Protections: The Second Tool
  Information Security Requirements Exhibit: The Third Tool
  Summary
  Example Information Security Requirements Exhibit

Distribution Agreements
  Checklist
  Overview
  Key Issues for Distribution Agreements
  License Grant
  End-User License Agreement
  Development of the Product
  End-User Data
  Obligations of the Parties
  Product Pricing
  Additional Considerations
  Summary

Data Agreements
  Checklist
  Overview
  Key Contractual Protections
  Summary

Website Development Agreements
  Checklist
  Overview
  Initial Issues to Think About
  What Are the Basic Objectives of the Website and the Development Agreement?
  Intellectual Property Ownership
  Software Requirements
  Schedules and Timetables
  Term and Termination
  Fees and Charges
  Project Management
  Acceptance Testing
  Warranties
  Indemnifications
  Content of the Website
  Linking Issues
  Insurance
  Reports, Records, and Audits
  Training/Education/Troubleshooting
  Additional Provisions to Consider
  Summary

Social Media Policies
  Checklist
  Introduction
  Policy Scope and Disclaimers
  No Expectation of Privacy
  Right, But No Duty, To Monitor
  Conduct in Social Media
  Social Networking and Weblogs
  Employee Questions and Signature
  Summary

Critical Considerations for Records Management and Retention
  Checklist
  Overview
  Avoiding Spoliation Claims
  Impact on Litigation/Discovery Costs
  Developing the Policy
  Litigation Discovery Procedures
  Developing the Retention Schedule
  The E-Mail Problem
  Authorized Storage Locations
  Confidentiality and Security
  Third-Party Vendors
  Proper Destruction
  Summary

Glossary

INTRODUCTION

BOARD AND MANAGEMENT RESPONSIBILITIES

RISK MANAGEMENT
  Risk Assessment and Requirements
    Quantity of Risk Considerations
    Requirements Definition
  Service Provider Selection
    Request for Proposal
    Due Diligence
  Contract Issues
    Service Level Agreements (SLAs)
    Pricing Methods
    Bundling
    Contract Inducement Concerns
  Ongoing Monitoring
    Key Service Level Agreements and Contract Provisions
    Financial Condition of Service Providers
    General Control Environment of the Service Provider
    Potential Changes due to the External Environment

RELATED TOPICS
  Business Continuity Planning
  Outsourcing the Business Continuity Function
  Information Security/Safeguarding
  Multiple Service Provider Relationships
  Outsourcing to Foreign Service Providers

APPENDIX A: EXAM PROCEDURES
APPENDIX B: LAWS, REGULATIONS, AND GUIDANCE
APPENDIX C: FOREIGN-BASED THIRD-PARTY SERVICE PROVIDERS