IT CONTRACTS Law & Regulations

Thibault VERBIEST
Attorney at the Paris & Brussels Bars,
Founding Partner ULYS
www.ulys.net – www.droit.be
Infosecurity.be 2005
OVERVIEW
• Legal environment applicable to IT contracts
• Outsourcing of IT contracts
• Service Level Agreements (SLA)
LEGAL ENVIRONMENT APPLICABLE TO IT CONTRACTS
I. Obligations of the contracting parties
• Pre-contractual period
  • Principle: freedom to start and stop contractual negotiations
  • Good faith principle: obligation to give information and advice – liability
  • Obligations of each party:
    • The client: inform and participate
    • The provider: inform and be informed: duty of information – duty of advice – duty of warning
  • Liability:
    • Extra-contractual liability:
      • Breaking off = offence => article 1382 of the Civil code
      • Point of no return
• Contractual period
  • Principle: good faith => articles 1134 §3 and 1335 of the Civil code
  • Obligations of each party:
    • Qualification of the contract
    • Contractual vs extra-contractual obligations
    • Best effort vs result
    • The client: collaboration, taking delivery, acceptance, payment
    • The provider: delivery – conformity – delivery deadline, inform and guarantee
II. Liability
• Contractual vs extra-contractual liability
• Best effort vs result
• Damage: direct vs indirect damage
• Exemption / limitation of liability
• Warranty & insurance
• Sanctions:
  • Penalties: punitive – compensatory
  • Incentives
  • Credits
II. Intellectual property rights (IPR)
• Overview

Subject   | Legal scope
Software  | Copyright Law, Software Law, Patent
Databases | Copyright Law, Sui generis

• IPR:
  • Economic value
  • Ensure:
    • Legal protection of rights you own
    • Legal entitlement to use others’ rights
• IPR – Software
  • Protected by copyright law and software law
  • Who is entitled to rights?
    • General: contractor – developer (copyright law)
    • Exception: tailor-made software: user-principal can have limited access to the source code (software law)
  • Transmission of the copyright
    • Property transmission
    • Licensing of the right to use
  • The source codes
    • Source code vs object code
    • Tailor-made vs standard modules
    • Range
    • Reverse engineering
• IPR – Databases
  • Protected by copyright law and databases law
  • Copyright protects the structure
  • The sui generis right (created by the database law) protects the content => prevent extraction or reutilisation => condition: substantial investment
  • Who is entitled to rights?
    • Structure: the author
    • Content: the maker of the database
  • Databases and privacy: privacy law of 8/12/1992
OUTSOURCING OF IT CONTRACTS
• What is outsourcing?
  • The substitution of goods or services provided by suppliers for those previously provided internally
  • Types:
    • Local
    • Onshore
    • Near-shore
    • Offshore
• Benefits of outsourcing
  • Lower costs
  • Flexibility
  • Expertise
  • “A good outsourcing model is one in which the desired services or goods are procured that provide the best value regardless of the location or vendor”
• Risks of outsourcing
  • Finding the right vendor
  • Understanding the true cost of work outsourced
  • Establishing common outsourcing procedure & processes
  • Controlling and measuring what you buy (SLA)
  • Remaining a knowledgeable buyer (reversibility)
  • If work goes offshore:
    • Culture and language barriers
    • Applicable law
    • Privacy and IPR concerns
    • System security issue
    • Time zone differences
• What to do?
  • Understand what can be outsourced
  • Establish processes for:
    • Vendor vetting and selection
    • Vendor relationship management (change request)
    • Extensive management and quality control (SLA)
  • Don’t abrogate responsibility
  • Understanding of obligations for each party
  • Win/win scenarios (SLA => bonus/malus system)
  • Be aware that there will be problems (SLA)
  • Anticipate the end of the relations (reversibility)
SERVICE LEVEL AGREEMENTS
• Service Level Agreements (SLA) are:
  • An SLA is a legal contract that specifies the contractual deliverables, terms and conditions between the service provider and the end-user
  • The SLA is a formal, legally binding statement of expectations and obligations between a service provider and its customer or customers
• Use of the SLA
  • An SLA is used in outsourcing contracts
  • An SLA answers the following questions:
    • Who delivers which service when?
    • What happens if problems arise?
    • What is the service and how is the service quality assessed?
    • How to work changes into the SLA?
• Purposes of using an SLA
  • Identifies and defines customer’s needs
  • Provides a framework for understanding
  • Simplifies complex issues
  • Reduces areas of conflict
  • Encourages dialog in the event of disputes
  • Eliminates unrealistic expectations
  • Serves as a marketing instrument
  • Serves as a partnership instrument
  • Transforms a “best effort obligation” into an “obligation of result”
• Zone of influence of SLA (e.g. ASP)
[Figure: Zone of influence of SLA. Labels: Customer, ISV, …, ASP, VAR, BO P, IAP, SI]
• SLA Domains: Networking, Hosting, Application, Support Service…
• Writing of an SLA
  • Application service providers consortium (ASPIC) and World Intellectual Property Organization (WIPO) set up best practices:
    • To build up good relationship between ISP and customer
    • To avoid conflicts
ASPIC BEST PRACTICES (I/III)
Infrastructure
• Data Center
• Server
• Load balancing
• Clustering
• Geographic Redundancy
Connectivity
• Network architecture
• Scalability
• Connectivity Options
Security
• Authentication
• Access Control
• Integrity
• Confidentiality
• Non-repudiation
• Security of Hardware
• Security of Software
ASPIC BEST PRACTICES (II/III)
Application
• Application management
• Intellectual Property Rights
• Databases
• Pricing
• Application Preparation
• Sharing of liabilities
• Sharing of tasks
• Maintenance of the Application
Maintenance
• Maintenance of the application
• Maintenance of the system
• Maintenance of the Network
• Reports
• Help-Desk
ASPIC BEST PRACTICES (III/III)
Implementation
• Choice of application
• Preparation of the Platform
• Installation
• Configuration and Customisation
• Conversion / migration of data
• Reports
• Tests
• Integration
• Training of the customer
• Main subjects to cover
1. Introduction and purpose
2. Service to be delivered
   a) Uptime
   b) System response time
   c) Lost data
   d) Customization
   e) Change control
   f) Billing responses
   g) Report generation
   h) Other issues
3. Performance, tracking and reporting
4. Problem management
5. Fees and expenses
6. Customer duties and responsibilities
7. Warranties and remedies
8. Security
9. IPR and confidential information
10. Legal compliance and resolution of disputes
11. Termination
12. Examination of clauses – descriptions
SERVICE LEVELS
[Figure: service levels chart. Labels: Bonus price, Target level, Negotiated price, Minimum acceptable level, Price reduction, Unacceptable level, Contract termination. Axis: Service level]
• Major SLA failures
  • Negotiation problems
  • Specification of efforts versus specification of results
  • Unclear service specification
  • Incomplete service specification
  • Incomplete cost management
  • « Dead-end » SLA documents
  • Exit Management
• SLA specification: challenges
  • Scope and Methodology
  • Pre-understanding
  • Service level management & service process management
  • Knowing the actors and following a structured approach
QUESTIONS & COMMENTS