How Lawyers Can Be the CIO`s Best Friend
Goal 3: Your lawyers need to know as much about a deal as possible. This is true for any transaction, but especially so in IT, where there are always numerous "outs" for vendor performance buried in the contract.
Solution: Make your lawyer(s) a part of the project team for any significant transaction. You're not trying to get your lawyers to draft minute components of statements of work or the exact measurement criteria in a service-level agreement, but having them understand the critical ones is more likely to lead to a contract with viable and enforceable statements of work and service-level agreements.
Goal 4: You need contracts that are focused on your company's needs--vendor forms don't do that. Those forms are designed to achieve the vendor's goals as much as possible, usually at your expense. You won't be able to level that playing field and fairly allocate risk and reward unless you have tools of your own. The terms in vendor form agreements have been crafted to cast the transaction in the light most favorable to them. As an example, you will find that any warranties that you get in vendor form agreements are incredibly limited in scope and duration. A number of warranties, such as a prohibition against the inclusion of disabling code or that the vendor follow appropriate virus protection efforts, aren't even included. Indemnities are also limited, not only in scope, but also in the remedies that are provided. It does you little good to receive an infringement indemnity which evaporates the second you use the vendor's product "in conjunction with" another product. Since it's highly unlikely that you will spend significant sums to acquire a product that operates in complete isolation from any other product, accepting the vendor's approach means that you essentially have no infringement indemnity.
Solution: Have your lawyers develop standard forms for you to give to vendors. These should be based on how you run your business, not some vendor business model. After all, you are doing the transaction to support your business. You will have to deal with the vendor's concerns, but if you don't make the effort to position the deal in terms of your realities, you're going to end up like the guy (me) with the "4E" shoe size trying to fit into a "D" width. Believe me, that's not a comfortable solution and it tends not to work very well.
While these are all laudable goals, you're probably wondering how likely it is that you can accomplish them.
Remember that the legal department is no different than any other department. While it's true that their most obvious success measurements are how well they do in winning lawsuits and helping you stay on the correct side of applicable governmental regulations (think Sarbanes-Oxley, for example), that's not the only thing. Client satisfaction is also critical--and you are a client.
I'm not suggesting that whining to management is the way to achieve your goals. It certainly is not what you want to build a relationship on. Rather, it makes sense to sit down with the legal department and discuss your needs with them.
It is true that if your projects aren't viewed as important in the company's operations you will have a hard sell, but in today's world technology is at least an enabler of many--if not most--significant company initiatives.
Given this situation, it's pretty hard for the lawyers to blow you off completely, at least not without the risk of suffering some consequences when they are seen as an obstacle to company success. If there's one thing that lawyers want to avoid, it's being perceived as bottlenecks to the accomplishment of company goals.
Your ultimate goal is to make sure that they don't avoid this by handling your contracts without actually understanding what those contracts are about.
Dave Weidenfeld recently retired as managing counsel for global and strategic IT matters for McDonald's, where he oversaw negotiations for all global technology contracts and consulted the company's international legal and IT procurement staffs. He can be reached at firstname.lastname@example.org.
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now