By
Michael R. Overly
Matthew A. Karlyn
Companion CD
4812-1128-2702.1
Chapter 1: Non-Disclosure Agreements
Checklist
Chapter 2: Professional Services Agreements
Checklist
o Right to terminate
o No payment for services not rendered
Non-solicitation of supplier’s employees
Insurance tailored to customer’s requirements
Fees and costs
o All fees expressed in contract, SOW or change order
o Payment schedule for all fees
o Fixed fee vs. time and materials
o Overall cap for time and materials projects
o Ensure estimates are accurate
o Specify percent over estimate to be paid by supplier
o Specify percent over estimate to be shared by both parties
o Rate card for future services
o Allocation of taxes (customer pays only for tax on services received)
o Payment of fees tied to performance
o Holdback if payment based on passage of time
o Travel and expenses tied to customer’s policies
o Financial audit rights
RELATIONSHIP TO OTHER AGREEMENTS
All contract terms in a single agreement
If multiple agreements, ensure termination rights across agreements
Acceptance testing of services linked to acceptance testing of related software and hardware
Limitation of liability caps account for fees paid across agreements
Chapter 3: Statements of Work
Checklist
o Right to terminate
o No payment for services not rendered
Non-solicitation of supplier’s employees
Insurance tailored to customer’s requirements
Fees and costs
o All fees expressed in contract, SOW or change order
o Payment schedule for all fees
o Fixed fee vs. time and materials
o Overall cap for time and materials projects
o Ensure estimates are accurate
o Specify percent over estimate to be paid by supplier
o Specify percent over estimate to be shared by both parties
o Rate card for future services
o Allocation of taxes (customer pays only for tax on services received)
o Payment of fees tied to performance
o Holdback if payment based on passage of time
o Travel and expenses tied to customer’s policies
o Financial audit rights
RELATIONSHIP TO OTHER AGREEMENTS
All contract terms in a single agreement
If multiple agreements, ensure termination rights across agreements
Acceptance testing of services linked to acceptance testing of related software and hardware
Limitation of liability caps account for fees paid across agreements
Chapter 4: Idea Submission Agreements
Checklist
REVERSE SUBMISSIONS
Avoid broad feedback provisions
Chapter 5: Cloud Computing Agreements
Checklist
No use of customer marks without
permission
NOTIFICATION FOR SECURITY ISSUES
Customer gets sole control over
notification
Reimbursement for costs and expenses
ASSIGNMENT
Ability to assign freely
Assignee assumes responsibilities under
the agreement
Chapter 6: Joint Marketing Agreements
Checklist
Checklist
CONTENT OF SDK
APIs
Sample code
Sample documentation
Other data and information
Ensure IP protected
SUPPORT
Not generally provided
If provide, precise obligations
No representations or warranties with respect to support services
As is and as available
WARRANTY DISCLAIMERS
No warranties
No liability of company
As is, as available
LIMITATIONS OF LIABILITY
Complete limitation
Exclusion of consequential damages
No recovery of direct damages
Stop gap if unenforceable
Chapter 8: OEM Development Agreements
Checklist
TERMINATION
Uncured breach by OEM
No substantial misconduct by company
Brief sell-off period of OEM
Chapter 9: HIPAA Compliance
Checklist
No material alterations to standard support program
Priced annually
Automatic renewal of support term
No commitment to support after 5 years
No agreements to provide “free” professional services
Initial fixed fees become “then current rates”
PAYMENT
Based on objective and easily identifiable event
Testing/acceptance language reviewed by legal counsel
License fees not subject to refund
Monthly invoices
No fixed fee arrangements
TERM AND TERMINATION
Consistency between license type and term of support
Initial term with automatic year-to-year renewal
Licenses immediately terminate
Licenses to end users do not terminate with customer agreement
Misuse terminates perpetual license
Opportunity to cure before termination for cause
INFRINGEMENT INDEMNIFICATION
Company liability unlimited
Legal counsel drafts indemnification
Company controls defense/settlement
“Standing alone”
Approved list of countries/jurisdictions
Chapter 11: Drafting OEM Agreements (Where the Company is the OEM)
Checklist
TERM AND TERMINATION
Specific initial term
Agreement to renew company’s option
Automatic renewal
Company right to terminate without cause
Revenue commitments?
Breach of agreement
Sell-off period
Continue to support existing customers
Chapter 12: Collecting Basic Deal Information
Checklist
Performance constraints
Substantial regulatory/compliance issues
Chapter 13: Reducing Security Risks in Information Technology Contracts
Checklist
o Source code obfuscator
Embed signature in code
Identify installations of software
Retain certification copies for 5 years
Chapter 14: Web Site Assessment Audits
Checklist
INSURANCE
Intellectual property infringement
Invasion of privacy
Defamation
Personally identifiable information
Protected health information
Personal financial information
Misuse of information by site
Misuse of information by employee
ADDITIONAL CONCERNS
Record of modifications to T&C
Copyright notice on site
Chapter 15: Critical Considerations for Protecting IP in a Software Development Environment
Checklist
Mirror PSA
SCAN FOR THREATS
Prohibit install
Accessible by link
Methods to determine visitor assent
o Required online registration
o Required acceptance
o Prominent notice
o Basic notice
Changes to legal notices
Applicable law and venue
Arbitration clause
DATA SECURITY AND PRIVACY
Privacy policy?
Accessible from home page
Links to Terms and Conditions
Employees follow policy
Third party online privacy certification
Agreement with hosting provider
Firewall
INSURANCE
Intellectual property infringement
Invasion of privacy
Defamation
Personally identifiable information
Protected health information
Personal financial information
Misuse of information by site
Misuse of information by employee
ADDITIONAL CONCERNS
Record of modifications to T&C
Copyright notice on site
Chapter 16: Click-Wrap, Shrink-Wrap, and Web-Wrap Agreements
Checklist
the Customer
Checklist
Checklist
SPECIFICATIONS
Support Obligations Tied to
“Specifications” Rather Than
“Documentation”
Chapter 19: Source Code Escrow Agreements
Checklist
Life-Cycle
Checklist
USE THE THREE TOOLS FOR BETTER INTEGRATING INFORMATION SECURITY INTO THE CONTRACT LIFE-CYCLE
Pre-Contract Due Diligence
Key Contractual Protections
Information Security Requirements Exhibit
PRE-CONTRACT DUE DILIGENCE
Develop a Form Due Diligence Questionnaire
Ensure the Questionnaire covers all key areas
Use the Questionnaire as an early means of identifying security issues
Use the Questionnaire to conduct an “apples-to-apples” comparison of prospective vendors
KEY CONTRACTUAL PROTECTIONS
Fully Fleshed-Out Confidentiality Clause
Warranties
o Compliance with best industry practices; Specify the relevant industry
o Compliance with applicable laws and regulations (e.g., HIPAA, GLB, etc.)
o Compliance with third party standards (e.g., PCI DSS, Payment Application Data Security Standard).
o Compliance with customer’s privacy policy.
o Prohibition against making data available offshore
o Responses to Due Diligence Questionnaire are true and correct
General Security Obligations
o All reasonable measures to secure and defend systems
o Use of industry standard anti-virus software
o Vulnerability testing
o Immediate reporting of actual or suspected breaches
o Participation in joint audits
o Participation in regulatory reviews
Indemnity against claims, damages, costs arising from a breach of security
Responsibility for costs associated with providing breach notifications to consumers; control of timing and content of notice
Forensic Assistance
o Duty to preserve evidence
o Duty to cooperate in investigations
o Duty to share information
Audit Rights
o Periodic audits to confirm compliance with the agreement and applicable law
o Provision of any SAS 70 or similar audits
Limitation of Liability should exclude breaches of confidentiality from all limitations and exclusions of liability
Post-Contract Policing
INFORMATION SECURITY REQUIREMENTS EXHIBIT
Where appropriate, develop an exhibit, statement of work, or other contract attachment describing specific required information security measures
Use of wireless networks
Removable media
Encryption
Firewalls
Physical security
Chapter 21: Software Development Kit Agreements
Checklist
Chapter 22: Distribution Agreements
Checklist
Checklist
Chapter 24: Service Level Agreements
Checklist
Retention
Checklist
Checklist
Checklist
Checklist
TERMS TO INCLUDE
License and Restrictions
Acceptance testing
Third party software
Fees
Warranties
Indemnification
Limitation of liability
Specifications
Confidentiality and security
Maintenance and support
Announcements and publicity
Term and termination
Additional terms:
o Force majeure