Software Contracts: 10 Devilish Details - InformationWeek
Bennett Quillen

Software Contracts: 10 Devilish Details

Don't sign on that dotted line until you review these critical criteria. Check out part two in our software contract series.

How will the vendor support installation of a new release? Will it be onsite, remote, or a combination? What additional costs will your company incur for on-site vendor support?

Obviously, the extent of vendor support depends on your company's technology resources and the complexity of the release. Nonetheless, it's important to define in the contract the type and extent of vendor support. In fact, for a major application, your vendor should commit to a specific number of qualified people to maintain the system. For any large application -- a purchasing or deposit accounting program, for instance -- at least 10 people should be required.

7. De-conversion costs
This one is a bit unusual. Basically, you need to negotiate a set amount today for how much the vendor will charge your company when (or if) you de-convert from its system five years from now.

Vendors can charge some excessive (high-six-digit) de-conversion costs for simply handing over production files to another vendor. Those costs are typically two or three times the monthly operating costs then in effect. Consequently, you need to try to negotiate the cost for the equivalent of one month.

8. Training and education
Other than the system's functionality, training is the vendor's single most important offering. Make sure that the hours and quality of training and documentation are sufficient for all of the different functions.

The contract should specify the amount of training the vendor will provide, for both non-technology users and technical or systems personnel. The vendor should specify in the contract the amount, type, and location of the training, whether at the vendor's site, at your facility, or remotely, such as over WebEx.

The size and complexity of the application installation and conversion will determine the best mix of training and education. Most vendors will provide a substantial amount of education at their own locations at no charge.

For a large application or series of modules, the vendor should provide a remote production training application -- so that users can train on the system whenever time permits -- for free or at a nominal cost. All training that involves an instructor, whether on-site or on a vendor's premises, should have an associated cost. If your company exceeds the contractually allotted training time, the company would incur an additional charge.

In addition, stipulate in the contract that any "unused" training during a specific period (usually a year) gets credited to your account in the upcoming period or used to offset your company's software maintenance fee.

Ask for contract provisions that require the vendor to schedule and coordinate periodic user meetings or workshops. These events will help ensure that your maintenance payments go toward a system that's up-to-date.

9. Acceptance testing
Most software contracts don't provide a sufficiently complete definition of when a system or application is actually accepted by the customer. Before a company accepts a system, it must conduct an "acceptance test."

Such a test must involve processing actual company production data, not just vendor data. Acceptance testing occurs long before the actual conversion but after the physical delivery of the system. Depending upon the application's complexity and the scope of the conversion, a proper acceptance test can require 30 to 60 days.

Clearly, the entire contract depends upon a successful acceptance test. Consequently, if the application fails this test, the vendor must refund all money.

10. Service-level agreements
The contract must also spell out criteria for service-level agreements. The vendor's adherence to SLAs will affect whether your company continues with the software and the annual maintenance.

SLA criteria depend upon whether your firm processes the software in-house or in a service bureau operation. SLAs must define and quantify such factors as percentage uptime, availability, and response time.

If the vendor doesn't meet the SLAs, penalties include refunds, credits to future invoices, and even contract cancellation without prejudice. The contract must spell out the amount or percentage of penalties.

There's only one way for a company to ensure that it understands the contract and all of its ramifications: Study it!


Bennett Quillen, a former CIO for a leading mutual fund processing firm, has more than 35 years of experience in financial industry technology, operations, cash management, and compliance. Today he provides financial institutions with project management and technology advice, ...

User Rank: Apprentice
2/6/2014 | 6:38:20 AM
Always have a contract checked!
It is always advisable to have a contract checked by qualified lawyers. It doesn't matter if it is a supply, maintenance or development (hardware / software) contract - a wrongly worded contract can cost you 1000s or even your business and reputation. Search for 'contract checking services' - it is more cost-effective than you might think.
User Rank: Strategist
2/5/2014 | 4:11:36 PM
Re: What About Data Breaches?
Good catch!  Yes; with all the furore over data breaches today, this should be a high profile SLA.  Thanks.  Bennett
User Rank: Ninja
2/5/2014 | 3:48:30 PM
What About Data Breaches?
This is quite the comprehensive checklist that any decision maker in any IT dept. should have handy, but I might also add that it should also include and spell out in no uncertain terms the  client's rights and responsibilities in the event the vendor's servers are hacked and data is breached.  All too often when this happens it is the innocent client (and its clients) who bears the brunt of a breach.  As long as we're spelling out/negotiating a memorandum of understanding between the parties, we may as well add data breaches while we're at it.