Embed Size (px)
Citation preview
IT CONTRACTSLaw & Regulations
Thibault VERBIESTAttorney at the Paris & Brussels Bars,
Founding Partner ULYSwww.ulys.net – www.droit.be
Infosecurity.be [email protected]
OVERVIEW
Legal environment applicable to IT contracts
Outsourcing of IT contracts
Service Level Agreements (SLA)
LEGAL ENVIRONMENT APPLICABLE TO IT CONTRACTS
I. Obligations of the contracting parties
Pre-contractual period
Principle : freedom to start and stop contractual negotiations
Good faith principle : obligation to give information and advice – liability
Obligations of each party :
The client : inform and participate The provider : inform and to be informed : duty of
information – duty of advice – duty of warning
Liability :
Extra-contractual liability : Breaking off = offence => article 1382 of the Civil code Point of no return
Contractual period
Principle : the good faith => articles 1134 §3 and 1335 of the Civil code
Obligations of each party :
Qualification of the contract Contractual vs extra-contractual obligations Best effort vs result
The client : collaboration, taking delivery, acceptance, payment
The provider : delivery – conformity – delivery deadline, inform and garantee
II. Liabilty
Contractual vs extra-contractual liability Best effort vs result
Damage : direct vs indirect damage
Exemption / limitation of liability
Warranty & insurance
Sanctions :
Penalties : punitive – compensatory Incentives Credits
II. Intellectual property rights (IPR) Overview
IPR : Economic value Ensure :
Legal protection of rights you own Legal entitlement to use others’rights
Subject Legal scope
Software Copyright Law
Software Law
Patent
Databases Copyright Law
Sui generis
IPR – Software
Protected by copyright law and software law
Who is entitled to rights ?
General : contractor – developer (copyright law) Exception : tailor-made software : user-principal can have
limited access to the source code (software law)
Transmission of the copyright
Property transmission Licensing of the right to use
The source codes Source code vs object code Tailor-made vs standard modules Range Reverse engineering
IPR – Databases
Protected by copyright law and databases law
Copyright protects the structure
The sui-generis right (created by the database law) protects the content => prevent extraction or re-utilisation => condition : substantial investment
Who is entitled to rights ?
Structure : the author Content : the maker of the database
Databases and privacy : privacy law of 8/12/1992
OUTSOURCING OF IT CONTRACTS What is outsourcing ?
The substitution of goods or services provided by suppliers for those previously provided internally
Types : Local Onshore Near-shore Offshore
Benefits of outsourcing
Lower costs
Flexibility
Expertise
“A good outsourcing model is one in which the desired services or goods are procured that provide the best value regardless of the location or vendor”
Risks of outsourcing
Finding the right vendor
Understanding the true cost of work outsourced
Establishing common outsourcing procedure &
processes
Controlling and measuring what you buy (SLA)
Remaining a knowledgeable buyer (reversibility)
If work goes offshore : Culture and language barriers Applicable law Privacy and IPR concerns System security issue Time zone differences
What to do ?
Understand what can be outsourced
Establish processes for : Vendor vetting and selection
Vendor relationship management (change request)
Extensive management and quality control (SLA)
Don’t abrogate responsibility
Understanding of obligations for each party
Win/win scenarios (SLA => bonus/malus system)
Be aware that there will be problems (SLA)
Anticipate the end of the relations (reversibility)
SERVICE LEVEL AGREEMENTS
Service Level Agreements (SLA) are:
A SLA is a legal contract that specifies the contractuable deliverables, terms and conditions between the service provider and the end-user
The SLA is a formal, legally binding, statement of expectations and obligations between a service provider and its customer or customers
Use of the SLA
A SLA is used in outsourcing contracts
A SLA answers to the following questions:
Who delivers which service when? What happens if problems arise? What is the service and how is the service
quality assessed? How to work changes into the SLA?
Purposes of using a SLA Identifies and defines customer’s needs
Provides a framework for understanding Simplifies complex issues Reduces areas of conflict Encourages dialog in the event of disputes Eliminates unrealistic expectations Plays as a marketing instrument Plays as a partnership instrument Transforms a “best effort obligation” into
an “obligation of result”
Customer
ASPISV
VAR
IAP SI
BO P
….
Zone of influence of SLA (e.g. ASP)
Zone of influence of SLA
SLA Domains : Networking, Hosting, Application, Support Service…
Writing of an SLA
Application service providers consortium (ASPIC) and World Intellectual Property Organization (WIPO) set up best practices : To build up good relationship between ISP and
customer
To avoid conflicts
ASPIC BEST PRACTICES (I/III)
Infrastructure Data Center Server Load balancing Clustering Geographic Redundancy
Connectivity Network architecture Scalability Connectivity Options
Security Authentication Access Control Integrity Confidentiality Non-repudiation Security of Hardware Security of Software
ASPIC BEST PRACTICES (II/III)
Application Application management Intellectual Rights Property Databases Pricing Application Preparation Sharing of liabilities Sharing of tasks Maintenance of the Application
Maintenance Maintenance of the application Maintenance of the system Maintenance of the Network Reports Help-Desk
ASPIC BEST PRACTICES (III/III)
Implementation Choice of application Preparation of the Platform Installation Configuration and Customisation Conversion / migration of data Reports Tests Integration Training of the customer
Main subjects to cover
1. Introduction and purpose
2. Service to be delivereda) Uptime
b) System response time
c) Lost data
d) Customization
e) Change control
f) Billing responses
g) Report generation
h) Other issues
3. Performance, tracking and reporting
4. Problem management
5. Fees and expenses
6. Customer duties and responsibilities
7. Warranties and remedies
8. Security
9. IPR and confidential information
10. Legal compliance and resolution of disputes
11. Termination
12. Examination of clauses- descriptions
SERVICE LEVELS
Target level
Minimum acceptable level
Unacceptable level
Bonus price
Negotiated price
Price reduction
Contract termination
Service level
Major SLA failures
Negotiation problems
Specification of efforts versus specification of
results
Unclear service specification
Incomplete service specification
Incomplete cost management
« Dead-end » SLA documents
Exit Management
SLA specification : challenges
Scope and Methodology
Pre-understanding
Service level management & service process management
Knowing the actors and following a structured approach
&QUESTION
S
cOMMENTS
