How to ensure your IT contracts are robust and secure

Owning and managing a business in the 21^st century usually involves a significant degree of reliance on information technology, almost regardless of sector or industry. The extent of this reliance is ever increasing with each passing year, with many businesses now seeing their IT infrastructure as a fundamental and indispensable cornerstone of their operations.

Naturally, with this level of reliance on technology comes an equivalent level of risk. This has been highlighted in the Post Office-Fujitsu-Horizon scandal, where flawed accounting software ultimately led to disastrous consequences for both the organisation and individual postmasters.

In light of risks such as these, it is vital that you have a good handle on your IT contracts. You have to make sure that your contracts protect you against liabilities and allow smooth delivery of information technology throughout your business.

It is so important to know exactly what you are signing when you enter into a software contract for your business. There are so many areas where you can get caught out if you are not careful, so it is wise to appoint an expert solicitor to review your IT contracts before you commit.

In this blog we discuss five key areas to look out for when an IT service provider sends a new software agreement over to you for signing.

IT security questionnaire

You would not buy a business without asking a long series of questions and being relatively comfortable with the answers. The same approach should apply to your IT service providers – you should undertake sufficient due diligence to feel confident that you are not placing your organisation at risk by installing their software. A good way of doing this is via the use of an IT security questionnaire. In this document you will raise a series of technical questions related to the security credentials of the provider and their software, so you can satisfy yourself that it is compatible with your system and will not introduce any new viruses or anything that may cause your business harm.

You should then incorporate the questionnaire and their responses into your contract via the use of a bespoke warranty, which is a contractual promise that their responses are accurate and complete.

Our solicitors will be able to advise on the use of IT security questionnaires and will be able to draft appropriate clauses to turn your provider’s responses into legally binding assurances.

Warranties

In addition to the warranty relating to the IT security questionnaire, there are likely to be other warranties that you will need in the documentation to give you peace of mind. Some of the warranties you may request are as follows:

• assurances regarding ‘uptime’ targets, namely the percentage of time the software will be up and running;
• compliance with laws and good industry practice;
• confirmation that the software will not introduce any known viruses, ransomware, or spyware; and
• a commitment that the software will correspond to any specifications provided and be fit for the purpose for which it was supplied.

Warranties are important as they provide a contractual comfort blanket across important areas which may otherwise fall outside the ambit of the contract.

Our legal team will be able to walk you through all matters relating to warranties, explaining what is reasonable to ask for in the circumstances. They will also be able to negotiate these clauses and ensure the wording is appropriate for you to sign.

Indemnities

In brief terms, an indemnity is a contract clause that requires one party to pay the other for losses and costs incurred due to certain claims being brought. Indemnities play an important role in IT contracts as they allow the allocation of risk across key areas, such as intellectual property rights or data protection breaches.

For example, you will want the benefit of an intellectual property infringement indemnity from your service provider to protect you against any liability in the event they do not have all the rights they need to sell the software. Likewise, if for example they are processing personal data relating to your employees or customers, you will need an indemnity to protect your business if they breach data protection legislation when handling that data.

Our expert solicitors will be on hand to guide you on the whole topic of indemnities, and we can ensure that the indemnity clauses in your contract operate in your best interests and are suitably worded to give you the appropriate protection.

Limitation of liability

Many commentators say the most crucial parts of any contract are the limitation of liability clauses, and this is particularly the case with an IT contract.

You will need to know what is reasonable to ask for in terms of your service provider’s overall financial liability. It is common practice for this to be either represented as a fixed financial sum or as a multiple of annual fees payable, so that the liability cap is linked to the annual contract value. You can also agree any areas which should be excluded from that cap, either entirely or via the use of ‘super cap’ clauses, where you agree a higher limit to cover a specific area of liability. Of course, when agreeing the limit, your provider will wish to bear in mind their insurance limits.

Similarly, as a customer, you will want to place restrictions on your own contractual liability, which is likely to be at a lower limit than that of your provider.

Our team will help you negotiate these caps, advising you on typical industry norms. The aim is to have fair, reasonable and enforceable caps which work in both your interests.

Service Level Agreement

This document is sometimes known as an SLA, and it will typically sit alongside the main agreement as either a separate document or as an annexed schedule. The role of this agreement is to set out a framework of expectations with regards to maintenance and technical support windows, issue resolution and escalation time frames and it will deal with the award of service credits to compensate for any service level failures.

As with the main agreement, your SLA should be scrutinised to ensure that it is the right fit and that the timescales set out work for your organisation.

This document is a very important tool in getting early attention on bugs, glitches and other issues, which may prevent more serious problems developing in the future.

How we can help

If you are looking for legal support in relation to an IT contract for your business, you should get in touch with our contract solicitors without delay. Whether you require advice on contract terms or help with drafting amendments, then our lawyers will be happy to help.

For an informal conversation, please contact a legal advisor in our corporate and commercial team.

This article is for general information only and does not constitute legal or professional advice. Please note that the law may have changed since this article was published.