Strategic CIO // Executive Insights & Innovation
09:06 AM
Bennett Quillen

Software Contracts: 10 Devilish Details

Don't sign on that dotted line until you review these critical criteria. Check out part two in our software contract series.

You're about to sign a contract for a core application. You've already reviewed the software's current and future capabilities, performed due diligence on the depth and knowledge of the vendor and its staff, checked references, and assessed the vendor's financial stability.

In my last column, I discussed the key terms and conditions your software vendor must include or define in the contract. So now you're all set to sign on the dotted line, right? Not yet. This column will discuss several other critical criteria you'll need to cover first.

1. Warranties and maintenance liability
What warranties or maintenance guaranties are expressed or implied in the contract? Be certain that they're clearly defined.

2. Regulatory changes and compliance
The contract must explicitly state that the software vendor is responsible for all regulatory compliance within the scope of its application.

Remember that such compliance includes state as well as federal regulations. Your vendor might not have previously sold its applications in your state. This requirement is of particular importance with certain kinds of applications, such as payroll, credit card, and consumer-loan processing.

3. Computational errors
The contract should specify responsibility for computational errors (not input errors); for example, incorrect rounding. The contract must define computational errors, how soon your company needs to identify them, and the extent of financial compensation the vendor must pay in the event it makes computational errors.

4. Ownership of code
Does the vendor supply you with only the object code? If so, what's your position of ownership if your vendor reorganizes, files for bankruptcy protection, or goes out of business? Your company must retain complete rights to the source code.

Image: Wikipedia.

5. Software interfaces
The contract should clarify the effect, if any, of other software interfaces on the vendor's system. For example, your company might want to develop, internally or through a contract programming firm, its own interfaces to other applications, such as general ledger and customer information systems.

Non-vendor interfaces might nullify parts of the warranty, particularly responsibility for computational errors.

6. Vendor releases
Does the vendor specify the number of releases it will issue during a given period of time? This contract provision usually isn't necessary, as long as the vendor upgrades in a timely manner. However, it's wise to include provisions that the vendor will provide software releases to meet federal and state regulatory changes and to keep current with market conditions.

Who's responsible for installing the releases? This issue is particularly important if your company intends to develop its own interfaces or modify the software. The last thing you want is your version to be "out of sync" with the vendor's standard.

Bennett Quillen, a former CIO for a leading mutual fund processing firm, has more than 35 years of experience in financial industry technology, operations, cash management, and compliance. Today he provides financial institutions with project management and technology advice, ...

User Rank: Apprentice
2/6/2014 | 6:38:20 AM
Always have a contract checked!
It is always advisable to have a contract checked by qualified lawyers. It doesn't matter if it is a supply, maintenance or development (hardware / software) contract - a wrongly worded contract can cost you 1000s or even your business and reputation. Search for 'contract checking services' - it is more cost-effective than you might think.
User Rank: Strategist
2/5/2014 | 4:11:36 PM
Re: What About Data Breaches?
Good catch!  Yes; with all the furore over data breaches today, this should be a high profile SLA.  Thanks.  Bennett
User Rank: Ninja
2/5/2014 | 3:48:30 PM
What About Data Breaches?
This is quite the comprehensive checklist that any decision maker in any IT dept. should have handy, but I might also add that it should also include and spell out in no uncertain terms the  client's rights and responsibilities in the event the vendor's servers are hacked and data is breached.  All too often when this happens it is the innocent client (and its clients) who bears the brunt of a breach.  As long as we're spelling out/negotiating a memorandum of understanding between the parties, we may as well add data breaches while we're at it.