How Lawyers Can Be the CIO`s Best FriendBy David Weidenfeld | Posted 02-29-2008
How Lawyers Can Be the CIO`s Best Friend
One of the difficulties that CIOs--and indeed any member of IT management--faces is having their lawyers provide the true value that IT needs.
Wait, you say. How do lawyers provide value to IT other than the obvious review of terms and conditions in contracts?
Lawyers can provide real value by being knowledgeable about what their clients do and the world that they live in, so that their review of terms and conditions is done from a position that reflects that knowledge and not ignorance of it.
For example, it's pretty unlikely that most commercial lawyers have any idea what DASD means. A few more might know what FTP is because they've become computer junkies. The more that the lawyer handling your contract understands about what's going on when contracts are presented to them, the more likely it is that they will negotiate terms and conditions that allow you to receive the biggest bang for your buck.
In today's world, it's insufficient that lawyers just understand the contract terms that you are faced with or that they are tenacious negotiators; those skills are generally presumed to be there. There are other things that enhance those skills and allow a lawyer to provide IT with the kind of counsel that enables them to truly participate in critical decision making.
Obviously, lawyers need to maintain some objectivity--you can't expect them to be caught up in every aspect of the deal and be able to provide the impartial legal service that you count on receiving.
On the other hand, the more they truly understand your overall tactical and strategic business goals, the more likely they are to see beyond the basic terms of a particular agreement. This is critical to IT's success in the long term. Understanding long-term goals of your IT organization lets your lawyer structure agreements and provide guidance that is consistent with your business goals.
I can tell you from personal experience that very few in-house lawyers have any real understanding of IT. I certainly didn't start out that way. There are a number of goals that IT needs to accomplish to turn their lawyers from someone who merely dots the "i" and crosses the "t" to someone who IT relies on and wants as part of their process.
Having those goals isn't enough--you also need to think about you can achieve them. Here's how:
Goal 1: You need lawyers that are familiar with--if not experts in--IT transactions. The occasional tourist isn't going to do you any good, as they don't develop a real feel for the nature of the beast that is an IT transaction.
Solution: Make an effort to have the same lawyer (or group of lawyers) work on all of your transactions. Remember that the vendor's lawyers work on nothing but these transactions, and if you have an "amateur" on your side, you will be operating at a distinct disadvantage. Clauses that appear to be routine legalese to the inexperienced IT lawyer have the potential to turn into weapons of your destruction in the hands of the vendor lawyers.
Goal 2: You need lawyers who see each transaction in the overall context of your business and technical requirements and have an real understanding of what those requirements mean. Otherwise, there is no way they will see the big picture. If all they get is the occasional snapshot--and have no understanding of what your organization actually does--then they don't get a true picture of what is going on. You can be sure that the vendor lawyers understand what's going on.
Solution: It's up to IT to educate their attorneys as many aspects of IT's business as it can. That way, when they look at a contract, they can see it in the context of the other deals that they have worked on for you. This doesn't just happen by itself--it's up to you to spend the time to make it happen. Osmosis may be a great scientific principle, but if you wait for that to happen, you're not going to get anything done.
Page 2: Knowledge and Focus
How Lawyers Can Be the CIO`s Best Friend
pagebreak title = 'Knowledge and Focus'}
Goal 3: Your lawyers need to know as much about a deal as possible. This is true for any transaction, but especially so in IT, where there are always numerous "outs" for vendor performance buried in the contract.
Solution: Make your lawyer(s) a part of the project team for any significant transaction. You're not trying to get your lawyers to draft minute components of statements of work or the exact measurement criteria in a service-level agreement, but having them understand the critical ones is more likely to lead to a contract with viable and enforceable statements of work and service-level agreements.
Goal 4: You need contracts that are focused on your company's needs--vendor forms don't do that. Those forms are designed to achieve the vendor's goals as much as possible, usually at your expense. You won't be able to level that playing field and fairly allocate risk and reward unless you have tools of your own. The terms in vendor form agreements have been crafted to cast the transaction in the light most favorable to them. As an example, you will find that any warranties that you get in vendor form agreements are incredibly limited in scope and duration. A number of warranties, such as a prohibition against the inclusion of disabling code or that the vendor follow appropriate virus protection efforts, aren't even included. Indemnities are also limited, not only in scope, but also in the remedies that are provided. It does you little good to receive an infringement indemnity which evaporates the second you use the vendor's product "in conjunction with" another product. Since it's highly unlikely that you will spend significant sums to acquire a product that operates in complete isolation from any other product, accepting the vendor's approach means that you essentially have no infringement indemnity.
Solution: Have your lawyers develop standard forms for you to give to vendors. These should be based on how you run your business, not some vendor business model. After all, you are doing the transaction to support your business. You will have to deal with the vendor's concerns, but if you don't make the effort to position the deal in terms of your realities, you're going to end up like the guy (me) with the "4E" shoe size trying to fit into a "D" width. Believe me, that's not a comfortable solution and it tends not to work very well.
While these are all laudable goals, you're probably wondering how likely it is that you can accomplish them.
Remember that the legal department is no different than any other department. While it's true that their most obvious success measurements are how well they do in winning lawsuits and helping you stay on the correct side of applicable governmental regulations (think Sarbanes-Oxley, for example), that's not the only thing. Client satisfaction is also critical--and you are a client.
I'm not suggesting that whining to management is the way to achieve your goals. It certainly is not what you want to build a relationship on. Rather, it makes sense to sit down with the legal department and discuss your needs with them.
It is true that if your projects aren't viewed as important in the company's operations you will have a hard sell, but in today's world technology is at least an enabler of many--if not most--significant company initiatives.
Given this situation, it's pretty hard for the lawyers to blow you off completely, at least not without the risk of suffering some consequences when they are seen as an obstacle to company success. If there's one thing that lawyers want to avoid, it's being perceived as bottlenecks to the accomplishment of company goals.
Your ultimate goal is to make sure that they don't avoid this by handling your contracts without actually understanding what those contracts are about.
Dave Weidenfeld recently retired as managing counsel for global and strategic IT matters for McDonald's, where he oversaw negotiations for all global technology contracts and consulted the company's international legal and IT procurement staffs. He can be reached at firstname.lastname@example.org.