27 May Ten questions for software licensing, hardware acquisitions
Companies large and small face a dilemma in obtaining legal input on software licensing and hardware acquisition agreements. On one hand, they know that the terms of such agreements can save, or cost, the company money, sometimes lots of money. On the other hand, they know that attorney negotiation or detailed review of every agreement can be prohibitively expensive. The best practices for obtaining cost-effective legal review include the use of a contract assessment tool that enables business people to assess how important legal review is likely to be.
The process is like the triage process medical practitioners use to determine how to apply inadequate medical resources in an emergency. That is, legal resources should not be used to review in detail agreements for software licenses that cost little and will have little impact on the overall success of the enterprise. On the other hand, some situations warrant limited review and others require full involvement of legal counsel. How do you know when each is required?
Here are 10 questions to help you evaluate whether detailed legal review of a proposed software license is warranted:
1. Does the first three years’ total cost of license fees, services, equipment, and support exceed $100,000? If the total cost of a license or system, with all its component costs, is more than the threshold amount selected by your company, there are sufficient resources at stake that a more detailed legal review is in order. Below the threshold, the cost-benefit ratio involving highly skilled information technology transactional lawyers goes down quickly.
No one dollar threshold is right for every enterprise. The right threshold for greater review will vary by the size of the company and the authority and experience of the individual business people involved. A good starting point for most companies might be $100,000. Will the software interface with any broadly used enterprise applications?
2. How many employees will be affected by the new software or hardware? The more people that the new software or hardware may impact, the more important it is that the license, warranty, and services agreements be reviewed for proper performance standards and remedies. A relatively inexpensive software package that could disrupt the activities of large numbers of employees obviously needs greater scrutiny than a more expensive package with little opportunity for major negative interactions.
3. Will the software or systems vendor have ongoing remote access to your company’s systems after the software is installed? The risk of privacy or security compromises rises any time non-employees have access to your systems. Where such access is contemplated, qualified legal counsel should review the proposed agreements to make sure that the vendor is taking responsibility for properly qualifying, training, and supervising employees and that your company has practical, effective remedies if vendor access creates a pathway to disasters, large or small.
4. Will failure of the software or system likely affect your core operations? If the contemplated software affects your core operations, you cannot afford not to be sure that the software comes with the right warranties, specifications, performance criteria, installation deadlines, testing, incentives for performance, and remedies for failure.
5. Will failure of the software or system likely affect access to critical business applications, such as engineering, financial, logistics, and communications systems? Software that might devour bandwidth, interfere with user logon or authentication, or otherwise adversely affect critical business applications needs tighter review. If the software is peripheral and won’t operate in a way detrimental to other systems and applications, then less scrutiny is required.
6. Would a failure of the software, or applications that new software may interact with, adversely affect the company’s ability to satisfy financial or other governmental reporting obligations? I think that there is nothing worse than turning an information technology issue into a civil litigation or criminal regulatory compliance problem.
7. Will the company have paid more than 50 percent of the first-year total cost to the vendor before the company will know if the software or system performs in accordance with its specifications? The question here is: at what point have you so committed your time, budgets, or other valuable assets that you have to be sure the vendor will continue to have the right incentives to timely perform its programming, installation, testing, and other responsibilities?
8. Will the software or system be accessed through a remote hosting arrangement, such as an application service provider? Remote access creates the need for tighter, smarter security mechanisms.
9. Is custom software development involved in the transaction? Software development agreements are a special breed needing a difficult combination of tight controls on scope, budgets, and performance on one hand, and room for creativity on the other. Software development agreements are notorious for beginning with inadequate specifications and statements of work and then later succumbing to cost-skyrocketing “project creep.” The inherent risk that newly developed software may infringe the intellectual property rights of others, or violate an open source license, makes defensive review by the acquiring counsel imperative.
10. Will the vendor have access to the company’s confidential or proprietary information? The nightmare scenario is a $100 program that enables an outsider to breach your confidentiality and privacy controls.
Tech triage tools
If any of these 10 questions is answered affirmatively, at least some hands-on legal review is needed. By identifying the relevant parameters, thresholds, important systems, and risks in advance, you could create a custom triage tool that business people could use on their own to assess the importance of obtaining legal review before committing to any software license or development agreement.
Once the project is identified as one needing legal review, getting a tech-savvy lawyer involved earlier, rather than later in the process, can save time and money.
Other columns by Mark Foley
• Mark Foley: Data privacy fix broader than Social Security numbers
• Looking for the nuance in software vendor agreements
• Mark Foley: Beware vendor’s line in software licensing
• A cost-effective way to protect global HR data
• Mark Foley: Developing global data privacy policies for HR data (part 1)
The opinions expressed herein or statements made in the above column are solely those of the author, and do not necessarily reflect the views of Wisconsin Technology Network, LLC. WTN accepts no legal liability or responsibility for any claims made or opinions expressed herein.