IT CONTRACTS Law & Regulations
Download
Report
Transcript IT CONTRACTS Law & Regulations
IT CONTRACTS
Law & Regulations
Thibault VERBIEST
Attorney at the Paris & Brussels Bars,
Founding Partner ULYS
www.ulys.net – www.droit.be
Infosecurity.be 2005
[email protected]
OVERVIEW
Legal environment applicable to IT
contracts
Outsourcing of IT contracts
Service Level Agreements (SLA)
LEGAL ENVIRONMENT
APPLICABLE TO IT CONTRACTS
I. Obligations of the contracting parties
Pre-contractual period
Principle : freedom to start and stop contractual
negotiations
Good faith principle : obligation to give information
and advice – liability
Obligations of each party :
The client : inform and participate
The provider : inform and to be informed : duty of
information – duty of advice – duty of warning
Liability :
Extra-contractual liability :
Breaking off = offence => article 1382 of the Civil code
Point of no return
Contractual period
Principle : the good faith => articles 1134 §3 and
1335 of the Civil code
Obligations of each party :
Qualification of the contract
Contractual vs extra-contractual obligations
Best effort vs result
The client : collaboration, taking delivery, acceptance,
payment
The provider : delivery – conformity – delivery deadline,
inform and garantee
II. Liabilty
Contractual vs extra-contractual liability
Best effort vs result
Damage : direct vs indirect damage
Exemption / limitation of liability
Warranty & insurance
Sanctions :
Penalties : punitive – compensatory
Incentives
Credits
II. Intellectual property rights (IPR)
Overview
Subject
Software
Databases
Legal scope
Copyright Law
Software Law
Patent
Copyright Law
Sui generis
IPR :
Economic value
Ensure :
Legal protection of rights you own
Legal entitlement to use others’rights
IPR – Software
Protected by copyright law and software law
Who is entitled to rights ?
General : contractor – developer (copyright law)
Exception : tailor-made software : user-principal can have
limited access to the source code (software law)
Transmission of the copyright
Property transmission
Licensing of the right to use
The source codes
Source code vs object code
Tailor-made vs standard modules
Range
Reverse engineering
IPR – Databases
Protected by copyright law and databases law
Copyright protects the structure
The sui-generis right (created by the database law)
protects the content => prevent extraction or reutilisation => condition : substantial investment
Who is entitled to rights ?
Structure : the author
Content : the maker of the database
Databases and privacy : privacy law of 8/12/1992
OUTSOURCING OF IT
CONTRACTS
What is outsourcing ?
The substitution of goods or services provided
by suppliers for those previously provided
internally
Types :
Local
Onshore
Near-shore
Offshore
Benefits of outsourcing
Lower costs
Flexibility
Expertise
“A good outsourcing model is one in which the
desired services or goods are procured that
provide the best value regardless of the location
or vendor”
Risks of outsourcing
Finding the right vendor
Understanding the true cost of work outsourced
Establishing common outsourcing procedure &
processes
Controlling and measuring what you buy (SLA)
Remaining a knowledgeable buyer (reversibility)
If work goes offshore :
Culture and language barriers
Applicable law
Privacy and IPR concerns
System security issue
Time zone differences
What to do ?
Understand what can be outsourced
Establish processes for :
Vendor vetting and selection
Vendor relationship management (change request)
Extensive management and quality control (SLA)
Don’t abrogate responsibility
Understanding of obligations for each party
Win/win scenarios (SLA => bonus/malus system)
Be aware that there will be problems (SLA)
Anticipate the end of the relations (reversibility)
SERVICE LEVEL AGREEMENTS
Service Level Agreements (SLA) are:
A SLA is a legal contract that specifies the
contractuable deliverables, terms and conditions
between the service provider and the end-user
The SLA is a formal, legally binding, statement of
expectations and obligations between a service
provider and its customer or customers
Use of the SLA
A SLA is used in outsourcing contracts
A SLA answers to the following questions:
Who delivers which service when?
What happens if problems arise?
What is the service and how is the service
quality assessed?
How to work changes into the SLA?
Purposes of using a SLA
Identifies and defines customer’s needs
Provides a framework for understanding
Simplifies complex issues
Reduces areas of conflict
Encourages dialog in the event of disputes
Eliminates unrealistic expectations
Plays as a marketing instrument
Plays as a partnership instrument
Transforms a “best effort obligation” into an
“obligation of result”
Zone of influence of SLA (e.g. ASP)
Customer
Zone of influence of SLA
ISV
….
ASP
VAR
BO P
IAP
SI
SLA Domains : Networking, Hosting,
Application, Support Service…
Writing of an SLA
Application service providers consortium
(ASPIC) and World Intellectual Property
Organization (WIPO) set up best practices :
To build up good relationship between ISP and
customer
To avoid conflicts
ASPIC BEST PRACTICES (I/III)
Infrastructure
Connectivity
Security
Data Center
Server
Load balancing
Clustering
Geographic Redundancy
Network architecture
Scalability
Connectivity Options
Authentication
Access Control
Integrity
Confidentiality
Non-repudiation
Security of Hardware
Security of Software
ASPIC BEST PRACTICES (II/III)
Application
Maintenance
Application management
Intellectual Rights Property
Databases
Pricing
Application Preparation
Sharing of liabilities
Sharing of tasks
Maintenance of the Application
Maintenance of the application
Maintenance of the system
Maintenance of the Network
Reports
Help-Desk
ASPIC BEST PRACTICES (III/III)
Implementation
Choice of application
Preparation of the Platform
Installation
Configuration and Customisation
Conversion / migration of data
Reports
Tests
Integration
Training of the customer
Main subjects to cover
1.
Introduction and purpose
2.
Service to be delivered
a)
b)
c)
d)
e)
f)
g)
h)
Uptime
System response time
Lost data
Customization
Change control
Billing responses
Report generation
Other issues
3.
Performance, tracking and reporting
4.
Problem management
5.
Fees and expenses
6.
Customer duties and responsibilities
7.
Warranties and remedies
8.
Security
9.
IPR and confidential information
10.
Legal compliance and resolution of disputes
11.
Termination
12.
Examination of clauses- descriptions
SERVICE LEVELS
Bonus price
Target level
Negotiated price
Minimum acceptable level
Price reduction
Unacceptable level
Contract termination
Service level
Major SLA failures
Negotiation problems
Specification of efforts versus specification of
results
Unclear service specification
Incomplete service specification
Incomplete cost management
« Dead-end » SLA documents
Exit Management
SLA specification : challenges
Scope and Methodology
Pre-understanding
Service level management & service process
management
Knowing the actors and following a structured
approach
Q
&c
UESTIONS
OMMENTS