Software Contracts: 10 Devilish Details - InformationWeek
Bennett Quillen

Software Contracts: 10 Devilish Details

Don't sign on that dotted line until you review these critical criteria. Check out part two in our software contract series.

You're about to sign a contract for a core application. You've already reviewed the software's current and future capabilities, performed due diligence on the depth and knowledge of the vendor and its staff, checked references, and assessed the vendor's financial stability.

In my last column, I discussed the key terms and conditions your software vendor must include or define in the contract. So now you're all set to sign on the dotted line, right? Not yet. This column will discuss several other critical criteria you'll need to cover first.

1. Warranties and maintenance liability
What warranties or maintenance guaranties are expressed or implied in the contract? Be certain that they're clearly defined.

2. Regulatory changes and compliance
The contract must explicitly state that the software vendor is responsible for all regulatory compliance within the scope of its application.

Remember that such compliance includes state as well as federal regulations. Your vendor might not have previously sold its applications in your state. This requirement is of particular importance with certain kinds of applications, such as payroll, credit card, and consumer-loan processing.

3. Computational errors
The contract should specify responsibility for computational errors (not input errors); for example, incorrect rounding. The contract must define computational errors, how soon your company needs to identify them, and the extent of financial compensation the vendor must pay in the event it makes computational errors.

4. Ownership of code
Does the vendor supply you with only the object code? If so, what's your position of ownership if your vendor reorganizes, files for bankruptcy protection, or goes out of business? Your company must retain complete rights to the source code.

5. Software interfaces
The contract should clarify the effect, if any, of other software interfaces on the vendor's system. For example, your company might want to develop, internally or through a contract programming firm, its own interfaces to other applications, such as general ledger and customer information systems.

Non-vendor interfaces might nullify parts of the warranty, particularly responsibility for computational errors.

6. Vendor releases
Does the vendor specify the number of releases it will issue during a given period of time? This contract provision usually isn't necessary, as long as the vendor upgrades in a timely manner. However, it's wise to include provisions that the vendor will provide software releases to meet federal and state regulatory changes and to keep current with market conditions.

Who's responsible for installing the releases? This issue is particularly important if your company intends to develop its own interfaces or modify the software. The last thing you want is your version to be "out of sync" with the vendor's standard.

Bennett Quillen, a former CIO for a leading mutual fund processing firm, has more than 35 years of experience in financial industry technology, operations, cash management, and compliance. Today he provides financial institutions with project management and technology advice, ...

User Rank: Apprentice
2/6/2014 | 6:38:20 AM
Always have a contract checked!
It is always advisable to have a contract checked by qualified lawyers. It doesn't matter if it is a supply, maintenance or development (hardware / software) contract - a wrongly worded contract can cost you 1000s or even your business and reputation. Search for 'contract checking services' - it is more cost-effective than you might think.
User Rank: Strategist
2/5/2014 | 4:11:36 PM
Re: What About Data Breaches?
Good catch!  Yes; with all the furore over data breaches today, this should be a high profile SLA.  Thanks.  Bennett
User Rank: Ninja
2/5/2014 | 3:48:30 PM
What About Data Breaches?
This is quite the comprehensive checklist that any decision maker in any IT dept. should have handy, but I might also add that it should also include and spell out in no uncertain terms the  client's rights and responsibilities in the event the vendor's servers are hacked and data is breached.  All too often when this happens it is the innocent client (and its clients) who bears the brunt of a breach.  As long as we're spelling out/negotiating a memorandum of understanding between the parties, we may as well add data breaches while we're at it.