Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Acknowledgments
About the Author
Preface to the First Edition
Preface to the Second Edition
1 Collecting Basic Deal Information
Checklist
Overview
Key Considerations
Performance
Intellectual Property Issues
Personal Information Privacy and Security
Information Security
Other Unique Issues
Summary
2 Software License Agreements
Checklist
Introduction
Four Critical Questions
License and Restrictions
Acceptance Testing
Third-Party Software
Fees
Warranties
Indemnification
Limitation of Liability
Specifications
Confidentiality and Security
Maintenance and Support
Announcements and Publicity
Term and Termination
Additional Contract Terms
Summary
3 Nondisclosure Agreements
Checklist
Overview
Key Considerations
Essential Terms
Additional Considerations
Summary
4 Professional Services Agreements
Checklist
Overview
Key Considerations
Essential Terms
Term and Termination
Acceptance Testing
Personnel
Subcontracting
Warranties
Indemnification
Limitation of Liability
Intellectual Property Ownership
Change Order
Confidentiality and Information Security
Force Majeure
Nonsolicitation
Insurance
Fees and Costs
Relationship to Other Agreements
Summary
5 Statements of Work
Checklist
Overview
Essential Terms
Scope of Work and Business Requirements
Technical Environment
Acceptance Testing
Deliverables
Documentation
Roles and Responsibilities of the Parties
Project Management Processes
Issue Resolution and Escalation Procedures
Risks
Pricing and Cost
Service Level Agreements
Change Orders
Summary
6 Cloud Computing Agreements
Checklist
Key Considerations and Essential Terms
Service Levels
Uptime Service Level
Response Time Service Level
Problem Resolution Service Level
Remedies for Service Level Failure
Data
Data Security
Disaster Recovery and Business Continuity
Data Redundancy
Use of Customer Information, Data Conversion, and Transition
Insurance
Indemnification
Limitation of Liability
The Limitation of Liability Should Apply to Both Parties
License/Access Grant and Fees
Term
Warranties
Publicity and Use of the Customer Trademarks
Notification for Security Issues
Assignment
Pre-Agreement Vendor Due Diligence
Summary
7 Click-Wrap, Shrink-Wrap, and Web-Wrap Agreements
Checklist
Overview
What Is a βShrink-Wrapβ License?
Products Purchased under Shrink-Wrap AgreementsβCommon Elements
Methods of Purchasing Shrink-Wrap Products
Typical Shrink-Wrap Terms and Conditions
Key Risks of Shrink-Wrap Products
Mitigating Risk
Summary
8 Maintenance and Support Agreements
Checklist
Overview
Scope of Support and Maintenance
Predictability of Fees
Support Not to Be Withheld
Term
Partial Termination/Termination and Resumption of Support
Specifications
Availability
Support Escalation
Service Levels
Summary
9 Service Level Agreements
Checklist
Overview
Service Level Provisions Commonly Found in the Terms and Conditions
Root Cause Analysis, Corrective Action Plans, and Resolution
Cost and Efficiency Reviews
Continuous Improvements to Service Levels
Termination for Failure to Meet Service Levels
Cooperation
Service Level Provisions Commonly Found in a Service Level Agreement or Attachment
Measurement Window and Reporting Requirements
Maximum Monthly At-Risk Amount
Performance Credits
Presumptive Service Levels
Exceptions to Service Levels
Supplier Responsibilities with Respect to Service Levels
Additions, Deletions, and Modifications to Service Levels
Earn-Back
Form of Service Levels
Summary
10 Idea Submission Agreements
Checklist
Overview
Key Risks of Submissions
Essential Terms
Beware of Reverse Submissions
Summary
11 Joint Marketing Agreements
Checklist
Overview
Key Considerations and Essential Terms
Determine the Scope of the Engagement
Marketing Obligations
Referral Arrangements
Confidentiality
Intellectual Property Issues
Warranties and Disclaimers
Term and Termination
Summary
12 Software Development Kit (SDK) Agreements
Checklist
Overview
Key Considerations and Essential Terms
Scope of License
Ownership
Confidentiality
Compatibility Testing
Support
Warranty Disclaimers
Limitations on Liability
Indemnification
Export/Import
Acquisition by Federal Government
Term and Termination
Summary
13 Key Issues and Guiding Principles for Negotiating a Software License or OEM Agreement
Checklist
Key Issues and Guiding Principles
Initial Matters
Scope of License/Ownership
Pricing
Audit Rights
Limitations of Liability
Warranties
Support and Maintenance; Professional Service Rates
Payment
Term and Termination
Infringement Indemnification
Summary
14 Drafting OEM Agreements (When the Company Is the OEM)
Checklist
Key Issues and Guiding Principles
Determine the Scope of the Engagement
Customer Terms
Territory
Hardware Products
Exclusivity
Supplier Product Changes
Support and Training
Confidentiality
Intellectual Property Issues
Warranties and Disclaimers
Limitations of Liability
Indemnification
Term and Termination
Summary
15 Original Equipment Manufacturer (OEM) Agreements
Checklist
Overview
Key Contracting Concerns from the Perspectives of Both Parties
Summary
16 Health Insurance Portability and Accountability Act (HIPAA) Compliance
Checklist
Overview
Key Issues and Guiding Principles
Who Are BAs?
What Can Happen to BAs That Fail to Comply with HIPAA?
BA Requirements under the Security Breach Notification Requirements
BA Requirements for Compliance with HIPAA Security Rule
Statutory Liability for Business Associate Agreement Terms
BAA Compliance with HITECH Act Requirements
Other HIPAA Requirements
Steps for Compliance for Breach Notification
Steps for Compliance with HIPAA Security Rule
Additional BAA Terms
Considerations for Inventory HIPAA-Related Policies
Summary
17 Reducing Security Risks in Information Technology Contracts
Checklist
Best Practices and Guiding Principles
Trade Secret Considerations
Copyright Considerations
Joint IP Considerations
Policy on Embedded Open Source
Internal Procedures
Policies Following Infringement
Employees
Employee Training and Communication
Contractual Protections
Nonemployees and Subcontractors
Software Distribution
Object Code vs. Source Code
Language for License Agreements
Nondisclosure Agreements
Audit Rights
Foreign Jurisdictions
Source Code Licenses
Escrow the Source Code
Language for Source Code License Agreements
Summary
18 Website Assessment Audits
Checklist
Overview
Key Issues and Guiding Principles
Evaluate Your Website
Domain Names
Use of Third-Party Trademarks
Hyperlinks
Content
Visitor Uploads
Applicable Internet-Specific Laws
Terms and Conditions
Data Security and Privacy
Insurance
General Considerations
Summary
19 Critical Considerations for Protecting IP in a Software Development Environment
Checklist
Overview
Key Issues and Guiding Principles
Vendor Due Diligence
Treatment of Data
Physical Security
Administrative Security
Technical Security
Personnel Security
Subcontractors
Scan for Threats
Backup and Disaster Recovery
Confidentiality
Security Audits
Warranties
Limitation of Liability
Termination
Security Breach Notification
Insurance
Destruction of Data
Additional Considerations
Summary
20 Transactions Involving Financial Services Companies as the Customer
Checklist
Overview
Three Tools for Better Contracts
Key Considerations
Summary
21 Source Code Escrow Agreements
Checklist
Overview
What Does It Mean to Escrow Source Code?
Types of Escrow Agreements
Release Conditions
Key Issues for Escrow Agreements
Summary
22 Integrating Information Security into the Contracting Life Cycle
Checklist
Overview
Due Diligence: The First Tool
Key Contractual Protections: The Second Tool
Information Security Requirements Exhibit: The Third Tool
Summary
Example Information Security Requirements Exhibit
23 Distribution Agreements
Checklist
Overview
Key Issues for Distribution Agreements
License Grant
End-User License Agreement
Development of the Product
End-User Data
Obligations of the Parties
Product Pricing
Additional Considerations
Summary
24 Data Agreements
Checklist
Overview
Key Contractual Protections
Summary
25 Website Development Agreements
Checklist
Overview
Initial Issues to Think About
What are the Basic Objectives of the Website and the Development Agreement?
Intellectual Property Ownership
Software Requirements
Schedules and Timetables
Term and Termination
Fees and Charges
Project Management
Acceptance Testing
Warranties
Indemnifications
Content of the Website
Linking Issues
Insurance
Reports, Records, and Audits
Training/Education/Troubleshooting
Additional Provisions to Consider
Summary
26 Social Media Policies
Checklist
Introduction
Policy Scope and Disclaimers
No Expectation of Privacy
Right, But No Duty, To Monitor
Conduct in Social Media
Social Networking and Weblogs
Employee Questions and Signature
Summary
27 Critical Considerations for Records Management and Retention
Checklist
Overview
Avoiding Spoliation Claims
Impact on Litigation/Discovery Costs
Developing the Policy
Litigation Discovery Procedures
Developing the Retention Schedule
The E-Mail Problem
Authorized Storage Locations
Confidentiality and Security
Third-Party Vendors
Proper Destruction
Summary
Glossary
FFIEC Booklet
Table of Contents
INTRODUCTION
BOARD AND MANAGEMENT RESPONSIBILITIES
RISK MANAGEMENT
Risk Assessment and Requirements
Quantity of Risk Considerations
Requirements Definition
Service Provider Selection
Request for Proposal
Due Diligence
Contract Issues
Service Level Agreements (SLAs)
Pricing Methods
Bundling
Contract Inducement Concerns
Ongoing Monitoring
Key Service Level Agreements and Contract Provisions
Financial Condition of Service Providers
General Control Environment of the Service Provider
Potential Changes due to the External Environment
RELATED TOPICS
Business Continuity Planning
Outsourcing the Business Continuity Function
Information Security/Safeguarding
Multiple Service Provider Relationships
Outsourcing to Foreign Service Providers
APPENDIX A: EXAM PROCEDURES
APPENDIX B: LAWS, REGULATIONS, AND GUIDANCE
APPENDIX C: FOREIGN-BASED THIRD-PARTY SERVICE PROVIDERS
Index