Michael R Overly - A Guide to IT Contracting: Checklists, Tools, and Techniques

DISCLAIMER: Information technology and contracting law changes frequently and rapidly. It is also subject to differing interpretations. It is up to the reader to review the current state of the law with a qualified attorney and other professionals before relying on it. Neither the authors nor the publisher makes any guarantees or warranties regarding the outcome of the uses to which the materials in this book are applied. This book is sold with the understanding that the authors and publisher are not engaged in rendering legal or professional services to the reader.

Second Edition published 2021

by CRC Press

6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742

and by CRC Press

2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN

2021 Taylor & Francis Group, LLC

First Edition published by CRC Press 2013

CRC Press is an imprint of Taylor & Francis Group, LLC

The right of Michael R. Overly to be identified as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.

Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged, please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, access

Trademark Notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.

ISBN: 978-0-367-48902-1 (hbk)

ISBN: 978-0-367-76725-9 (pbk)

ISBN: 978-1-003-16646-7 (ebk)

Typeset in Garamond

by codeMantra

For Emma, the light of our lives these many years.
Michael R. Overly

The author wishes to thank his colleagues, Chanley Howell and Steve Millendorf, for their patience, support, and many hours of work on this project.

Michael R. Overly is a partner in the Information Technology & Outsourcing Practice Group in Foley & Lardners Los Angeles office. As an attorney and former electrical engineer, his practice focuses on counseling clients regarding technology licensing, intellectual property development, information security, and electronic commerce. Michael is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified in Risk and Information Systems Controls (CRISC), and Certified Information Privacy Professional (CIPP) certifications. He is a member of the Computer Security Institute and the Information Systems Security Association. Michael is a frequent writer and speaker in many areas, including negotiating and drafting technology transactions and the legal issues of technology in the workplace, e-mail, and electronic evidence. He has written numerous articles and books on these subjects and is a frequent commentator in the national press (e.g., the New York Times, Chicago Tribune, Los Angeles Times, Wall Street Journal, ABCNEWS.com, CNN, and MSNBC). In addition to conducting training seminars in the United States, Norway, Japan, and Malaysia, Michael has testified before the U.S. Congress regarding online issues. Among others, he is the author of the best-selling e-policy: How to Develop Computer, E-mail, and Internet Guidelines to Protect Your Company and Its Assets (AMACOM 1998), Overly on Electronic Evidence (West Publishing 2002), The Open Source Handbook (Pike & Fischer 2003), Document Retention in the Electronic Workplace (Pike & Fischer 2001), and Licensing Line-by-Line (Aspatore Press 2004).

Information technology (IT) is critical to the operation of every business. IT drives enterprise efficiency by breaking down communication barriers both internally among employees, management, and directors and externally between the business and its customers, advisors, and other contributors. Unfortunately, in our cumulative decades of practice in the area of IT and outsourcing law, we have found that many businesses fail to identify and adequately address the issues that arise in their IT contracts. Together, we have reviewed, drafted, and negotiated thousands of IT contracts for practically every type of product, software, hardware, and service. Time and time again, we have found businesses fail to address the essential elements of their contracts and, ultimately, fail to adequately protect their organizations, placing their assets and data at risk. This can expose the company to unnecessary liability and lead to uncontrolled costs. The net result? Companies assume far greater risk and liability associated with these transactions, and end up spending too much time and money on these transactions, than is necessary.

Even the most sophisticated businesses with the most sophisticated IT infrastructure and an army of lawyers in their in-house legal departments are frequently unfamiliar with all the key issues that may arise in contracting of this kind and are, therefore, not equipped with the tools or knowledge to make informed and strategic decisions when reviewing, drafting, and negotiating these contracts. Whats worse, companies are accustomed to using outside corporate lawyers who might be highly skilled transactional and securities lawyers, but who arent familiar with the nuances of IT or how to properly structure an IT deal to protect the client and its assets.

IT is likely not your companys core competency or your companys focus. Nonetheless, it likely drives your business. Your board may cringe when the CIO asks for millions of dollars worth of upgrades to IT infrastructure or approval for that next big software or outsourcing project. IT spending might not be your companys largest expense, but it is probably among the top two or three. While your company may not focus on IT and might constantly question the millions of dollars worth of equipment, software, and professional services that comprise your IT infrastructure, its a sure bet that the company wouldnt survive long without it. Think about what your day would be like today if your e-mail system was down for even an hour or two, let alone several days. What would happen if your website suddenly crashed and the company could no longer take orders? How much would productivity suffer if your document management system was suddenly inaccessible, or if the data stored in the system disappeared? What would the reaction be if your payroll system went down and people didnt get paid? How much lost productivity would result if your customer relationship management (CRM) system crashed and your sales force couldnt access information it needed to contact clients and sell products? What would the result be if your companys data security system failed and customer and employee data was suddenly accessible outside of the company?