Software Contracts: 10 Devilish Details - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
IT Leadership // CIO Insights & Innovation
Commentary
2/5/2014
09:06 AM
Bennett Quillen
Bennett Quillen
Commentary
3 comments
Comment Now
50%
50%

Software Contracts: 10 Devilish Details

Don't sign on that dotted line until you review these critical criteria. Check out part two in our software contract series.

You're about to sign a contract for a core application. You've already reviewed the software's current and future capabilities, performed due diligence on the depth and knowledge of the vendor and its staff, checked references, and assessed the vendor's financial stability.

In my last column, I discussed the key terms and conditions your software vendor must include or define in the contract. So now you're all set to sign on the dotted line, right? Not yet. This column will discuss several other critical criteria you'll need to cover first.

1. Warranties and maintenance liability
What warranties or maintenance guaranties are expressed or implied in the contract? Be certain that they're clearly defined.

2. Regulatory changes and compliance
The contract must explicitly state that the software vendor is responsible for all regulatory compliance within the scope of its application.

[Looking to improve your digital business? Read Top 10 Retail CIO Priorities For 2014. ] 

Remember that such compliance includes state as well as federal regulations. Your vendor might not have previously sold its applications in your state. This requirement is of particular importance with certain kinds of applications, such as payroll, credit card, and consumer-loan processing.

3. Computational errors
The contract should specify responsibility for computational errors (not input errors); for example, incorrect rounding. The contract must define computational errors, how soon your company needs to identify them, and the extent of financial compensation the vendor must pay in the event it makes computational errors.

4. Ownership of code
Does the vendor supply you with only the object code? If so, what's your position of ownership if your vendor reorganizes, files for bankruptcy protection, or goes out of business? Your company must retain complete rights to the source code.

Image: Wikipedia.
Image: Wikipedia.

5. Software interfaces
The contract should clarify the effect, if any, of other software interfaces on the vendor's system. For example, your company might want to develop, internally or through a contract programming firm, its own interfaces to other applications, such as general ledger and customer information systems.

Non-vendor interfaces might nullify parts of the warranty, particularly responsibility for computational errors.

6. Vendor releases
Does the vendor specify the number of releases it will issue during a given period of time? This contract provision usually isn't necessary, as long as the vendor upgrades in a timely manner. However, it's wise to include provisions that the vendor will provide software releases to meet federal and state regulatory changes and to keep current with market conditions.

Who's responsible for installing the releases? This issue is particularly important if your company intends to develop its own interfaces or modify the software. The last thing you want is your version to be "out of sync" with the vendor's standard.

Bennett Quillen, a former CIO for a leading mutual fund processing firm, has more than 35 years of experience in financial industry technology, operations, cash management, and compliance. Today he provides financial institutions with project management and technology advice, ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
Comments
Newest First  |  Oldest First  |  Threaded View
Check-A-Contract
100%
0%
Check-A-Contract,
 User Rank: Apprentice
2/6/2014 | 6:38:20 AM
Always have a contract checked!
It is always advisable to have a contract checked by qualified lawyers. It doesn't matter if it is a supply, maintenance or developmet (hardware / software) contract - a wrongly worded contract can cost you 1000s or even your business and reputation. Search for 'contract checking services' - it is more cost-effective your might think.
bquillen280
50%
50%
bquillen280,
 User Rank: Strategist
2/5/2014 | 4:11:36 PM
Re: What About Data Breaches?
Good catch!  Yes; with all the furore over data breaches today, this should be a high profile SLA.  Thanks.  Bennett
asksqn
50%
50%
asksqn,
 User Rank: Ninja
2/5/2014 | 3:48:30 PM
What About Data Breaches?
This is quite the comprehensive checklist that any decision maker in any IT dept. should have handy, but I might also add that it should also include and spell out in no uncertain terms the  client's rights and responsibilities in the event the vendor's servers are hacked and data is breached.  All too often when this happens it is the innocent client (and its clients) who bears the brunt of a breach.  As long as we're spelling out/negotiating a memorandum of understanding between the parties, we may as well add data breaches while we're at it.
Editors' Choice
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Download This Issue!
Slideshows
Flash Poll