IT CONTRACTS Law & Regulations Thibault VERBIEST Attorney at the Paris & Brussels Bars,...

IT CONTRACTSLaw & Regulations

Thibault VERBIESTAttorney at the Paris & Brussels Bars,

Founding Partner ULYSwww.ulys.net – www.droit.be

Infosecurity.be 2005Thibault.verbiest@ulys.net

OVERVIEW

Legal environment applicable to IT contracts

Outsourcing of IT contracts

Service Level Agreements (SLA)

LEGAL ENVIRONMENT APPLICABLE TO IT CONTRACTS

I. Obligations of the contracting parties

Pre-contractual period

Principle : freedom to start and stop contractual negotiations

Good faith principle : obligation to give information and advice – liability

Obligations of each party :

The client : inform and participate The provider : inform and to be informed : duty of

information – duty of advice – duty of warning

Liability :

Extra-contractual liability : Breaking off = offence => article 1382 of the Civil code Point of no return

Contractual period

Principle : the good faith => articles 1134 §3 and 1335 of the Civil code

Obligations of each party :

Qualification of the contract Contractual vs extra-contractual obligations Best effort vs result

The client : collaboration, taking delivery, acceptance, payment

The provider : delivery – conformity – delivery deadline, inform and garantee

II. Liabilty

Contractual vs extra-contractual liability Best effort vs result

Damage : direct vs indirect damage

Exemption / limitation of liability

Warranty & insurance

Sanctions :

Penalties : punitive – compensatory Incentives Credits

II. Intellectual property rights (IPR) Overview

IPR : Economic value Ensure :

Legal protection of rights you own Legal entitlement to use others’rights

Subject Legal scope

Software Copyright Law

Software Law

Patent

Databases Copyright Law

Sui generis

IPR – Software

Protected by copyright law and software law

Who is entitled to rights ?

General : contractor – developer (copyright law) Exception : tailor-made software : user-principal can have

limited access to the source code (software law)

Transmission of the copyright

Property transmission Licensing of the right to use

The source codes Source code vs object code Tailor-made vs standard modules Range Reverse engineering

IPR – Databases

Protected by copyright law and databases law

Copyright protects the structure

The sui-generis right (created by the database law) protects the content => prevent extraction or re-utilisation => condition : substantial investment

Who is entitled to rights ?

Structure : the author Content : the maker of the database

Databases and privacy : privacy law of 8/12/1992

OUTSOURCING OF IT CONTRACTS What is outsourcing ?

The substitution of goods or services provided by suppliers for those previously provided internally

Types : Local Onshore Near-shore Offshore

Benefits of outsourcing

Lower costs

Flexibility

Expertise

“A good outsourcing model is one in which the desired services or goods are procured that provide the best value regardless of the location or vendor”

Risks of outsourcing

Finding the right vendor

Understanding the true cost of work outsourced

Establishing common outsourcing procedure &

processes

Controlling and measuring what you buy (SLA)

Remaining a knowledgeable buyer (reversibility)

If work goes offshore : Culture and language barriers Applicable law Privacy and IPR concerns System security issue Time zone differences

What to do ?

Understand what can be outsourced

Establish processes for : Vendor vetting and selection

Vendor relationship management (change request)

Extensive management and quality control (SLA)

Don’t abrogate responsibility

Understanding of obligations for each party

Win/win scenarios (SLA => bonus/malus system)

Be aware that there will be problems (SLA)

Anticipate the end of the relations (reversibility)

SERVICE LEVEL AGREEMENTS

Service Level Agreements (SLA) are:

A SLA is a legal contract that specifies the contractuable deliverables, terms and conditions between the service provider and the end-user

The SLA is a formal, legally binding, statement of expectations and obligations between a service provider and its customer or customers

Use of the SLA

A SLA is used in outsourcing contracts

A SLA answers to the following questions:

Who delivers which service when? What happens if problems arise? What is the service and how is the service

quality assessed? How to work changes into the SLA?

Purposes of using a SLA Identifies and defines customer’s needs

Provides a framework for understanding Simplifies complex issues Reduces areas of conflict Encourages dialog in the event of disputes Eliminates unrealistic expectations Plays as a marketing instrument Plays as a partnership instrument Transforms a “best effort obligation” into

an “obligation of result”

Customer

ASPISV

VAR

IAP SI

BO P

….

Zone of influence of SLA (e.g. ASP)

Zone of influence of SLA

SLA Domains : Networking, Hosting, Application, Support Service…

Writing of an SLA

Application service providers consortium (ASPIC) and World Intellectual Property Organization (WIPO) set up best practices : To build up good relationship between ISP and

customer

To avoid conflicts

ASPIC BEST PRACTICES (I/III)

Infrastructure Data Center Server Load balancing Clustering Geographic Redundancy

Connectivity Network architecture Scalability Connectivity Options

Security Authentication Access Control Integrity Confidentiality Non-repudiation Security of Hardware Security of Software

ASPIC BEST PRACTICES (II/III)

Application Application management Intellectual Rights Property Databases Pricing Application Preparation Sharing of liabilities Sharing of tasks Maintenance of the Application

Maintenance Maintenance of the application Maintenance of the system Maintenance of the Network Reports Help-Desk

ASPIC BEST PRACTICES (III/III)

Implementation Choice of application Preparation of the Platform Installation Configuration and Customisation Conversion / migration of data Reports Tests Integration Training of the customer

Main subjects to cover

1. Introduction and purpose

2. Service to be delivereda) Uptime

b) System response time

c) Lost data

d) Customization

e) Change control

f) Billing responses

g) Report generation

h) Other issues

3. Performance, tracking and reporting

4. Problem management

5. Fees and expenses

6. Customer duties and responsibilities

7. Warranties and remedies

8. Security

9. IPR and confidential information

10. Legal compliance and resolution of disputes

11. Termination

12. Examination of clauses- descriptions

SERVICE LEVELS

Target level

Minimum acceptable level

Unacceptable level

Bonus price

Negotiated price

Price reduction

Contract termination

Service level

Major SLA failures

Negotiation problems

Specification of efforts versus specification of

results

Unclear service specification

Incomplete service specification

Incomplete cost management

« Dead-end » SLA documents

Exit Management

SLA specification : challenges

Scope and Methodology

Pre-understanding

Service level management & service process management

Knowing the actors and following a structured approach

&QUESTION

S

cOMMENTS