This is the latest in a series of articles, initially published in The Global Legal Post, on various technical themes in language which can be understood by those who prefer to use technology rather than immerse themselves in it.
3Kites has worked on many software selections in the last 16 years and our advice to clients is to use our trusted friends at Kemp IT Law to negotiate the contract side of things. Many heed this advice but some will think it saves money to keep this in-house. My response is that this will probably be the only time your lawyer has reviewed a DMS, PMS, IT Services (or similar) contract whereas the guys at KITL have done this many times over and know many of the pitfalls to avoid through experience. Hitting an unforeseen issue here can be costly or worse, affecting a firm’s ability to operate.
Just recently, we have heard of firms struggling to access data as they leave one cloud provider for another. This is just one example of situations that we jointly anticipate by A) 3Kites asking relevant questions in our RfP (tender) document and B) KITL assessing contract termination terms in its review. At this point, I will hand across to Richard Kemp to explain more about the contract review process KITL undertakes for its many law firm clients….
Thanks Paul – the key thing in our experience is for the firm to have a clear idea of what it wants in contractual terms from their new system, and then to be able to assess and manage the gap between what that and what the vendor is committing to provide. The start point here is the vendor’s RfP responses as clarified in subsequent discussions, and the end point will be what the vendor’s contract actually says (after all the sales talk). Working with our law firm clients and leading vendors on the other side of the table, we have a pretty good idea of what’s achievable in managing that gap.
The normal process is for vendors to agree favourable pricing terms on the basis that the deal is papered by month or quarter end, failing which the price will increase. Vendors tend to stick by this (sales commissions hang on period end signings), and contract negotiations can get quite intense in the run up to signature. This, plus the fact that vendor terms continue to harden in the market place, means that firms may have important decisions to take in short order and under time pressure. The best way in our experience to manage this is to ensure that the firm’s decision makers are available to make the necessary decisions during the two to three week period before signing.
A good internal process will go a long way to ensuring a good deal for the firm, but what about the substantive points? Some observations:
If it’s a cloud deal, make sure you understand the boundaries of what your vendor is, and is not, responsible for. If you’re buying a SaaS, who looks after what at the border between the SaaS provider and the platform and hosting vendor? The graphic is a useful representation of how it all fits together as you move from on-prem to in-cloud at different levels of the stack.
What are you buying? In a cloud SaaS deal, you’re really buying a room at the vendor’s hotel where the service level agreement (SLA) is the product, and there may be little scope to negotiate. Does the SLA give you what you need? The vendor is likely to want service credits (what are generally paltry) to be the firm’s only remedy for service failures. Consider elevating this to a right to terminate for breach if there are sustained outages.
Return of data. As Paul suggest, make sure you have a practical route to getting your data back (ideally during lifecycle as well as at contract end) to avoid lock-in. What form will you receive the data in and where will you receive it?
On-prem to in-cloud migration during lifecycle. If you’re likely to be migrating the service from on-prem to in-cloud during contract lifecycle, make sure you’re not paying twice for the same thing (comparing on-prem and in-cloud pricing isn’t really comparing apples with apples) and that you get assistance (which you’re likely to have to pay for) from the vendor.
GDPR. GDPR compliance in tech contract settings is getting more complex, and GDPR terms increasingly account for 25-50% of the page count in a law firm cloud contract deal. Particular areas of focus are the controller / processor boundary, third country transfers and high risk activities. Don’t forget the DPIA!
Liability. On the liability clause, vendors are increasingly seeking to impose an exclusion of indirect loss and a cap on direct loss of 12 months’ charges. Do you need a higher cap for loss of data, breach of confidentiality, security or GDPR duties?
Client and insurer requirements. Finally, we’re seeing client engagement and insurers’ terms becoming more onerous and intrusive around firms’ IT systems and information security generally, so do make sure new systems align with these requirements.
Allowing the time to get these knotty issues right in what can be a pressured run up to contract signature can make all the difference between a successful and a runaway project.