Transcript Contract Review Presentation
CONTRACT REVIEWS
HOW TO PROTECT YOUR COMPANY FROM THE UNEXPECTED S U S A N K O H L H A U S E N D I R E C T O R , L E G A L A F F A I R S C O A S T A L F E D E R A L C R E D I T U N I O N
Vendor On-Boarding Process
RFP (Request for Proposal) Due Diligence/Risk Assessment Vendor Selection
Contract Review
Contract Negotiation Contract Execution Followed by: Ongoing Vendor Administration/Oversight
Vendor On-Boarding Process
RFP (Request for Proposal)
Due Diligence/Risk Assessment
Vendor Selection Contract Review Contract Negotiation Contract Execution Followed by: Ongoing Vendor Administration/Oversight
Vendor On-Boarding Process
Does your company have a Vendor Selection Policy?
Coastal requires (in part) :
Management will obtain at least two competitive bids for each Level 1-Critical and Level 2-Significant publicly held and privately held vendors at the time of initial review and selection to ensure that pricing is competitive and reasonable and commensurate with their demonstrated ability to meet Coastal's needs. While cost is one of many factors evaluated in vendor selection, it is expected that vendors selected offer fair financial value to Coastal.
What Is A Contract?
“A promise or a set of promises for the breach of which the law gives a remedy, or the performance of which the law in some way recognizes as a duty.” - Restatement (Second) of Contracts = LEGALLY ENFORCEABLE AGREEMENT
Purpose Of Written Contracts
Performance
Documents expectations and obligations of the parties and products/services to be provided
Protection
Provides remedies for the unexpected (i.e. breach)
Performance Clauses
Scope Performance/Service Levels Reports Subcontracting/Third Parties Duration Fees
Protection Clauses
Assignment Right to Audit Compliance Intellectual Property Rights Confidentiality and Security Business Continuity/Contingency Insurance
Protection Clauses
(continued) Warranties Liability/Damages Indemnification Dispute Resolution Modification Termination
Performance: Scope
Detailed description of product/services to be provided. Specific obligations of all parties (including any subcontractors/third parties)
Performance: Service Levels (SLAs)
Plain language documenting specific minimum service levels, standard maintenance periods, response times for product (usually software) or service issues or failures, additional support (help desk) needs and measurement periods.
Usually included as an addendum/attachment to contract
Performance: Service Levels (SLAs)
Examples include: Product/service will be fully functional not less than 98% per day/month/quarter excluding standard maintenance periods Vendor shall commence review/analysis of all Severity 1 (non-function) issues within 4 hours of company’s written/verbal notification.
Vendor will achieve and maintain a customer satisfaction rating of not less than 75% each calendar quarter
Performance: Service Levels (SLAs)
Recommend use of industry standards to develop service levels Maintenance periods should be narrow and during customer’s off-peak hours Include specific language addressing notification requirements (specific personnel/communication channel (email/telephone) Often requires vendor to self report issues/failures (Audit may be beneficial) Damages for failure to meet SLAs usually in form of a % credit of fees with right to terminate for repeated failures within a certain measurement period or extreme failure to perform. SLA terms are usually an exception/ stand-alone from general breach/right to cure language
Performance: Reports
Outline all reports needed from vendor.
Include type and frequency of reports needed (performance, security, business continuity, etc.) and specific information to be included.
Note any custom or external reports and related fees. Watch for upcharges. Recommend including “pass through cost” language.
Performance: Subcontractors
Contract should specify whether parties are permitted to use subcontractors and the specific obligations they will perform. Who has right to approve, remove or replace contractor?
Who is liable for subcontractor? Minimum qualification/background requirements?
Be sure that subcontractor use language does not conflict with the assignment clause.
Performance: Duration
Length of contract should be commiserate with the type of product/service being provided and within industry standards.
Be aware of auto-renewal (evergreen) clauses and termination notification requirements Build in enough time between notice of termination and actual termination to find replacement vendor (if needed).
Include minimum notification period for any fee increases to allow time to find and contract with new (less costly) vendor prior to termination notification requirements. EXAMPLE: Vendor should provide notice of fee increase not less than 6 months prior to end of term where company is required to give 90 days notice of termination.
Performance: Fees
How calculated? (base payments, recurring services, activity charges, etc.) Cost for product maintenance/upgrades Responsibility for state and federal taxes Right to dispute fees without penalty Late payment penalties should be reasonable
Performance: Fees
Watch out for language: permitting vendor or party the right to deduct from company accounts without adequate controls.
permitting vendor the right to deduct fees/penalties from any income it collects on behalf of company requiring payment while in a force majeure (emergency) situation.
Protection: Assignment
Which parties (if any) have the right to delegate (in whole or part) its rights and obligations to a third party.
Prohibit assignment without consent. Exception: May see language permitting assignment in case of purchase or merger or to an affiliate.
Protection: Right to Audit
Allows party (or third party agents) to audit company information/records to test internal controls or prove compliance with contract terms.
Watch for: Overly broad property/information access language. Recommend including language limiting number of audits in a specific period without cause (i.e. not more than once annually), audit schedule (i.e. during company’s normal business hours) and scope of audit.
Who pays for cost of audit? (Under-reporting penalties)
Protection: Compliance
All parties should agree to comply with applicable laws (federal, state and local) and related guidance.
Be sure to include language that vendor will provide assistance/access as needed to company’s government regulators.
Protection: Intellectual Property Rights
Ownership, rights to and permissible use of company data, equipment, software Property rights should generally remain with the property owner or licensor except in cases where there is work product specifically developed for another party Includes right to name, logos, trademarks, copyrights, domains, etc.
Ensure contract grants license to use, sublicense, etc. all products/services as needed
Protection: Confidentiality & Security
Prohibit parties (and its subcontractors and agents) from disclosing or using certain company information except as necessary to perform pursuant to the contract. Standard confidentiality exceptions: Previously known/becomes publicly available without breach Developed independently Provided by a third party without restriction
Protection: Confidentiality & Security
WATCH! Disclosure for court order or authorized government request should NOT be a confidentiality exception. To remedy, include language where notification is required except where prohibited by law or court order
Protection: Confidentiality & Security
Return or destroy confidential information upon termination of contract or other designated time.
Adequate security within industry standards and not less than used to protect own confidential information Require prompt notification and full disclosure of security breaches of confidential information or that will affect company or its customers Specify necessary corrective action (Damages: credit monitoring?)
Protection: Business Continuity
Back-up and protection plan in case of disaster or other extraordinary event that prevents use of primary/standard systems.
Vendor should provide copy of plan. Updated and tested regularly. Provide results. Include business recovery time frames and other metrics as needed Consider interdependencies among all service providers Watch! Overly broad “force majeure” clauses Any actions “beyond reasonable control”
Protection: Insurance
Consider types and amounts (liability, E&O, crime/fidelity, worker’s compensation). Minimums?
Additional insured or other endorsement needed?
Include language requiring notification of cancellation or material changes in coverage
Protection: Warranties
May include legal status of parties, authority to enter into agreement Seek warranty of non-infringement for all intellectual property used or subject to the contract WATCH! Recommend striking any disclaimer of implied warranties (workmanlike quality, merchantability and fitness for a particular purpose, title)
Protection: Liability/Damages
Generally limited to fixed amount, a service credit or a multiple of total amount paid for services under agreement or other identified term (# of months, quarter, etc.) Lost data: limited to correction/reconstruction Exclusion of indirect/secondary damages (consequential, special, incidental) Assess whether damage limitation is commiserate with amount of loss (current and future) as a result of breach of contract.
RECOMMEND: Make any limits reciprocal
Protection: Liability/Damages
Be ready to negotiate these common exceptions/carve-outs to liability protections: Gross vs ordinary negligence Breach of confidentiality/security Breach of warranties/representations Violation of law Death, bodily injury or physical damage to tangible personal property
Protection: Indemnification
Be sure “hold harmless from liability” language is broad enough. Should include: arising from breach of contract; negligence of the other party or its agents; and intellectual property infringement (if applicable).
Include “defend” language? If so, include language for right to hire own attorney. If not, include language that vendor will pay all (reasonable) attorney fees and associated costs.
Limit to third party claims
Protection: Dispute Resolution
Mediation/arbitration clauses Be aware of who decision makers are and how selected Jurisdiction and venue are important Ensure continuation of products/services during any dispute period Losing party responsible for costs/fees Reserve right to seek injunctive relief
Protection: Modification
All contract modifications should be in writing and executed by all parties.
Be very cautious of carve-outs giving vendor the unilateral right to increase fees or change terms of services or even terminate agreement.
Protection: Termination
For convenience: Rare Usually seen low dollar contracts where there is no minimum/base fees.
For cause. Right to cure? Time period and measurement?
Does it conflict with SLA measurements and response times?
Additional Considerations
AVOID or HANDLE WITH EXTREME CAUTION: multi-party agreements; “In it’s sole discretion” language CAPITALIZED TERMS should be defined!
Include a MERGER CLAUSE. Contract language that states it to be the complete and final agreement between the parties.
Be sure to include language “attaching and incorporating” attachments, exhibits, addendums and amendments (including RFP responses) into agreement MISSING TERMS: Be aware of what ISN’T in the contract. Use a CHECKLIST ATTORNEYS: Unless they specialize in contracts, be cautious.
THROW AWAY TERMS: Be ready to give up some during negotiations
SAMPLE CHECKLIST
https://chapters.theiia.org/raleigh durham/Events/Documents/SAMPLE%20Contract %20Review%20Checklist.docx