A Guide to IT Contracting: Checklists, Tools, and Techniques

Even leading organizations with sophisticated IT infrastructures and teams of lawyers can find themselves unprepared to deal with the range of issues that can arise in IT contracting. Written by two seasoned attorneys, A Guide to IT Contracting: Checklists, Tools, and Techniques distills the most critical business and legal lessons learned through the authors’ decades of experience drafting and negotiating IT-related agreements. In a single volume, readers can quickly access information on virtually every type of technology agreement. Structured to focus on a particular type of IT agreement, each chapter includes a checklist of essential terms, a brief summary of what the agreement is intended to do, and a complete review of the legal and business issues that are addressed in that particular agreement. Providing non-legal professionals with the tools to address IT contracting issues, the book: Contains checklists to help readers organize key concepts for ready reference Supplies references to helpful online resources and aids for contract drafting Includes downloadable resources with reusable checklists and complete glossary that defines key legal, business, and technical terms Costly mistakes can be avoided, risk can be averted, and better contracts can be drafted if you have access to the right information. Filled with reader-friendly checklists, this accessible reference will set you down that path. Warning you of the most common pitfalls, it arms you with little-known tips and best practices to help you negotiate the key terms of your IT agreements with confidence and ensure you come out on top in your next contract negotiation.

Table of Contents:
Nondisclosure Agreements Checklist Overview Key Considerations Essential Terms Additional Considerations Summary Professional Services Agreements Checklist Overview Preliminary Considerations Key Provision      Term and Termination       Acceptance Testing       Personnel       Subcontracting       Warranties       Indemnification       Limitation of Liability       Intellectual Property Ownership       Change Order       Confidentiality and Information Security       Force Majeure       Nonsolicitation       Insurance       Fees and Costs       Relationship to Other Agreements Summary Statements of Work Checklist Overview Scope of Work and Business Requirements Technical Environment Acceptance Testing Deliverables Documentation Roles and Responsibilities of the Parties Project Management Processes Issue Resolution and Escalation Procedures Risks Pricing and Cost Service Level Agreements Change Orders Summary Idea Submission Agreements Checklist Overview Key Risks of Submissions Key Provisions for Idea Submission Agreements Beware Reverse Submissions Summary Cloud Computing Agreements Checklist Key Considerations Service Levels      Uptime Service Level      Response Time Service Level      Problem Resolution Service Level      Remedies for Service Level Failure Data      Data Security      Disaster Recovery and Business Continuity      Data Redundancy      Use of Customer Information, Data Conversion, and Transition Insurance Indemnification Limitation of Liability      The Limitation of Liability Should Apply to Both Parties License/Access Grant and Fees Term Warranties Publicity and Use of the Customer Trademarks Notification for Security Issues Assignment Pre-Agreement Vendor Due Diligence Conclusion Joint Marketing Agreements Checklist Overview Key Issues and Guiding Principles      Determine the Scope of the Engagement      Marketing Obligations      Referral Arrangements      Confidentiality      Intellectual Property Issues      Warranties and Disclaimers      Term and Termination Summary Software Development Kit (SDK) Agreements Checklist Overview Key Issues and Guiding Principles      Determine What Should Be Included in the SDK      Scope of License      Ownership      Confidentiality      Compatibility Testing      Support      Warranty Disclaimers      Limitations on Liability      Indemnification      Export/Import      Acquisition by Federal Government      Term and Termination Summary Original Equipment Manufacturer (OEM) Development Agreements Checklist Overview Key Issues and Guiding Principles      Joint Development Agreements      Development and Professional Services Agreements      Exchange of IP      Confidentiality      Compensation/Fees/Revenue Share      Change of Control      Assumptions/OEM Customer Obligations      Marketing      End User License Agreement      Audit Rights      Warranties      Support and Maintenance      Limitations of Liability      Indemnification      Termination      Contract Negotiations Summary Health Insurance Portability and Accountability Act (HIPAA) Compliance Checklist Overview      Key Issues and Guiding Principles Who Are BAs? What Can Happen to BAs That Fail to Comply with HIPAA? BA Requirements Under the New Security Breach Notification Requirements BA Requirements for Compliance with HIPAA Security Rule Statutory Liability for Business Associate Agreement Terms BAA Compliance with HITECH Act Requirements Other New HIPAA Requirements Steps for Compliance for Breach Notification Steps for Compliance with HIPAA Security Rule Amendment of BAAs Considerations for Inventory HIPAA-Related Policies Summary Key Issues and Guiding Principles for Negotiating a Software License or OEM Agreement Checklist Key Issues and Guiding Principles Initial Matters Scope of License/Ownership Pricing Audit Rights Limitations of Liability Warranties Support and Maintenance; Professional Service Rates Payment Term and Termination Infringement Indemnification Summary Drafting OEM Agreements (When the Company is the OEM) Checklist Key Issues and Guiding Principles Determine the Scope of the Engagement Customer Terms Territory Hardware Products Exclusivity Supplier Product Changes Support and Training Confidentiality Intellectual Property Issues Warranties and Disclaimers Limitations of Liability Indemnification Term and Termination Summary Collecting Basic Deal Information Checklist Overview Key Considerations Performance Intellectual Property Issues Personal Information Privacy and Security Information Security Other Unique Issues Summary Reducing Security Risks in Information Technology Contracts Checklist Best Practices and Guiding Principles Trade Secret Considerations Copyright Considerations Joint IP Considerations Policy on Embedded Open Source Internal Procedures Policies Following Infringement Employees      Employee Training and Communication      Contractual Protections      Nonemployees and Subcontractors Software Distribution      Object Code vs. Source Code      Language for License Agreements      Nondisclosure Agreements      Audit Rights      Foreign Jurisdictions Source Code Licenses      Escrow the Source Code      Language for Source Code License Agreements Summary Website Assessment Audits Checklist Overview Key Issues and Guiding Principles      Evaluate Your Website      Domain Names      Use of Third Party Trademarks      Hyperlinks      Content      Visitor Uploads?      Applicable Internet Specific Laws      Terms and Conditions      Data Security and Privacy      Insurance      General Considerations Summary Critical Considerations for Protecting IP in a Software Development Environment Checklist Overview Key Issues and Guiding Principles      Vendor Due Diligence      Treatment of Data      Physical Security      Administrative Security      Technical Security      Personnel Security      Subcontractors      Scan for Threats      Back-up and Disaster Recovery      Confidentiality      Security Audits      Warranties      Limitation of Liability      Destruction of Data      Additional Considerations Summary Click-Wrap, Shrink-Wrap, and Web-Wrap Agreements Checklist Overview What Is a "Shrink-Wrap" License? Products Purchased Under Shrink-Wrap Agreements—Common Elements Methods of Purchasing Shrink-Wrap Products Typical Shrink-Wrap Terms and Conditions Key Risks of Shrink-Wrap Products Mitigating Risk Conclusion Transactions Involving Financial Services Companies as the Customer Checklist Overview Three Tools for Better Contracts Key Considerations Summary Maintenance and Support Agreements Checklist Overview Scope of Support and Maintenance Predictability of Fees Support Not to be Withheld Term Partial Termination/Termination and Resumption of Support Specifications Availability Support Escalation Service Levels Summary Source Code Escrow Agreements Checklist Overview What Does It Mean to Escrow Source Code? Types of Escrow Agreements Release Conditions Key Issues for Escrow Agreements Conclusion Integrating Information Security into the Contracting Life Cycle Checklist Overview Due Diligence: The First Tool Key Contractual Protections: The Second Tool Information Security Requirements Exhibit: The Third Tool Conclusion Software Development Kit (DSDK) Agreements Checklist Overview Key Contracting Concerns From the Perspectives of Both Parties      Licensor Concerns      Licensee Concerns Conclusion Distribution Agreements Checklist Overview Key Issues for Distribution Agreements      License Grant      End User License Agreement      Development of the Product      End User Data      Obligations of the Parties      Product Pricing      Additional Considerations Summary Data Agreements Checklist Overview Key Contractual Protections Conclusion Service Level Agreements Checklist Overview Service Level Provisions Commonly Found in the Terms and Conditions Root Cause Analysis, Corrective Actions Plans, and Resolution Cost and Efficiency Reviews Continuous Improvements to Service Levels Termination for Failure to Meet Service Levels Cooperation Service Level Provisions Commonly Found in a Service Level Agreement or Attachment Measurement Window and Reporting Requirements Maximum Monthly at-Risk Amount Performance Credits Presumptive Service Levels Exceptions to Service Levels Supplier Responsibilities with Respect to Service Levels Additions, Deletions, and Modifications to Service Levels Earn-back Form of Service Levels Conclusion Critical Considerations for Records Management and Retention Checklist Introduction Avoiding Spoliation Claims Impact on Litigation/Discovery Costs Developing the Policy Litigation Discovery Procedures Developing The Retention Schedule The E-Mail Problem Authorized Storage Locations Confidentiality and Security Third-party Vendors Proper Destruction Website Development Agreements Checklist Overview Initial Issues to Think About What Are the Basic Objectives of the Website and the Development Agreement? Intellectual Property Ownership Software Requirements Schedules and Timetables Term and Termination Fees and Charges Project Management Acceptance Testing Warranties Indemnifications Content of the Website Linking Issues Insurance Reports, Records, and Audits Training/Education/Troubleshooting Additional Provisions to Consider Summary Social Media Policies Checklist Introduction Policy Scope and Disclaimers No Expectation of Privacy Right, But No Duty, to Monitor Conduct in Social Media Social Networking and Weblogs Employee Questions and Signature Conclusion Software License Agreements Checklist Introduction Four Critical Questions License and Restrictions Acceptance Testing Third-party Software Fees Warranties Indemnification Limitation of Liability Specifications Confidentiality and Security Maintenance and Support Announcements and Publicity Term and Termination Additional Contract Terms Conclusion Glossary FFIEC Booklet Index

About the Author :
Michael R. Overly is a partner in the Information Technology & Outsourcing Practice Group in Foley & Lardner’s Los Angeles office. As an attorney and former electrical engineer, his practice focuses on counseling clients regarding technology licensing, intellectual property development, information security, and electronic commerce. Michael is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified in Risk and Information Systems Controls (CRISC), and Certified Information Privacy Professional (CIPP) certifications. He is a member of the Computer Security Institute and the Information Systems Security Association. Michael is a frequent writer and speaker in many areas including negotiating and drafting technology transactions and the legal issues of technology in the workplace, e-mail, and electronic evidence. He has written numerous articles and books on these subjects and is a frequent commentator in the national press (e.g., the New York Times, Chicago Tribune, Los Angeles Times, Wall Street Journal, ABCNEWS.com, CNN, and MSNBC). In addition to conducting training seminars in the United States, Norway, Japan, and Malaysia, Michael has testified before the US Congress regarding online issues. Among others, he is the author of the best-selling e-policy: How to Develop Computer, E-mail, and Internet Guidelines to Protect Your Company and Its Assets (AMACOM 1998), Overly on Electronic Evidence (West Publishing 2002), The Open Source Handbook (Pike & Fischer 2003), Document Retention in the Electronic Workplace (Pike & Fischer 2001), and Licensing Line-by-Line (Aspatore Press 2004). Matthew A. Karlyn is a partner in the Technology Transactions Practice in the Boston office of Cooley LLP. Matt regularly represents companies in technology transactions and outsourcing transactions and has experience in both private practice as well as in-house for two software companies. A sought after writer and speaker in the area of information technology and the law, Matt has published over 40 articles, written chapters in several books, and given more than 60 presentations on topics ranging from the latest developments in information technology to best practices for drafting and negotiating information technology contracts. In addition to his law degree, Matt also earned a MBA from the University of Chicago in economics and strategic management and regularly advises companies on the business aspects of IT including IT strategy, pricing strategies, RFP development, governance, relationship management and reporting structures, and transition planning and implementation. In 2010, 2011, and 2012 Matt was selected for inclusion in the Massachusetts Super Lawyers – Rising Stars list, an honor given to the top 2.5% of Massachusetts lawyers under the age of 40. Matt has served as Chair of the New England Chapter and the Legal Process Outsourcing Chapter of the International Association of Outsourcing Professionals, is currently a member of the Corporate Law Advisory Board for Stafford Publishing, and for several years served on the Board of Directors of the International Technology Law Association. Matt also served for two years as the Co-Chair of the Boston Bar Association’s Intellectual Property Section’s Computer & Internet Law Committee. For the last three years, Matt was named a judge for the CIO-100, an award program published by CIO magazine that recognizes organizations around the world that exemplify the highest level of operational and strategic excellence in information technology.

Review :
Overly and Karlyn have been top-rated speakers at many of our CIO magazine events, and expert sources for our stories, as well. They truly understand the world of senior IT leaders and the legal complexities of technology vendor management. A Guide to IT Contracting: Checklists, Tools and Techniques, delivers the kind of practical, actionable advice that CIOs crave. —Maryfran Johnson, Editor-in-Chief, CIO Magazine & Events A Guide to IT Contracting: Checklists, Tools and Techniques, is a practical, well-organized, and informative guide that highlights the issues that every lawyer and senior IT executive should use when negotiating various types of IT contracts. This is the book that should be on every lawyer and CIO's desk. Overly and Karlyn have written the 'IT' book for IT contracting. —Arlene Feldman, Vice President and Assistant General Counsel, BJ's Wholesale Club, Inc. —Susan Codner, Assistant Vice President, Senior Counsel, BJ's Wholesale Club, Inc. A Guide to IT Contracting: Checklists, Tools and Techniques is an expert resource to help business leaders navigate the complex waters of IT contracting. Presented in an easy-to-follow format, every reader will benefit from Overly and Karlyn’s depth and breadth of knowledge of information technology and outsourcing law. —Kari Murphy, Managing Director, Hengtian Services LLC Practical and readable, A Guide to IT Contracting: Checklists, Tools and Techniques will become the definitive guide on IT contracting. Overly and Karlyn present actionable techniques for constructing and negotiating virtually every type of IT contract. —Danielle Sheer, General Counsel and Secretary, Carbonite, Inc. In today’s dynamic business world, Overly and Karlyn have created an essential tool for lawyers and non-lawyers alike. A Guide to IT Contracting: Checklists, Tools and Techniques is a concise and useable resource to help navigate the intricacies of information technology agreements; a must-have. —David M. Strauss, General Counsel, EyeLock, Inc.