Pain-free tech procurement

25 Nov 2021

Article

If investment in technology is required, here are some top tips to help ensure your procurement process is pain-free:

Ensure you have clearly identified what your business needs and constraints are before you look for a software product or decide to engage a software developer. Identify potential vendors and products which may be suitable for your needs and consider whether an “off-the-shelf” solution will be appropriate or whether you’ll need a bespoke product.
Carry out due diligence on shortlisted vendors including: company checks; financial checks; and product reviews. Ask for details of their insurance cover. Speak to other customers who have used the vendor or product to understand their experiences.
Consider cyber security risks. This may involve: checking whether the vendor holds any certifications; performing penetration testing; carrying out site visits to assess physical security; and requiring the vendor to complete a security questionnaire.

Licensing

If you’re taking a licence of the software, check that the licence terms cover all the users who might reasonably be expected to require access to the software, both now and in the future. Check whether the licence restrictions are acceptable. For example, is the licence only for the benefit of a named company or is it restricted to use on a particular computer or at a particular site? Can it be transferred if you sell your business?
Identify whether the product relies on code or tech from another source. If it does, the vendor’s continuing access to this will need to be assured.
Ensure that the licence fees are clearly defined. If the fees are linked to usage, is it clear how the fees will be adjusted in the event of an increase or decrease in usage? If the vendor has agreed a fixed fee or discounted fee for an initial period, check it is clear what will happen when that initial period expires.

The contract

Review the performance warranties in the contract. Does the vendor warrant that the software will perform certain required functions or comply with a certain specifications? Are these functions or specifications appropriately documented? Check the exclusions and limitations on the vendor’s liability. Are these acceptable? For example, can you recover your losses in full in the event of a default by the vendor or is your remedy limited to a refund of the purchase price?
If you use the software to provide services, rather than for internal purposes, work through the scenario where the software didn’t perform as it should – will you be in breach of your customer contracts?
Make sure it is clear in the contract which party will be responsible for installation and ensuring successful integration and interoperability with other systems. If there will be a period of installation and testing before you can use the software in a live environment, consider whether you need to pay the full licence fee prior to go-live.
If the software will be tested before acceptance, is it clear what will constitute success? Ensure that the testing regime will accurately demonstrate the way the software will perform in a live environment (including with the volumes the software is intended to handle). If interoperability with other systems is required, ensure this forms part of the acceptance testing.

Maintenance

Check that the vendor’s maintenance obligations are clearly defined and consider whether the proposed ‘response’ and ‘fix’ times are satisfactory and what escalation and remedy provisions apply if those times are missed.
Consider how future interoperability issues will be handled. Will the vendor be required to ensure the software is continually updated to keep pace with other system changes? Will this be included in the support cost?
If the vendor will have access to personal data and will be acting as your data processor, check that the contract contains suitable data processing provisions as required by Article 28 of the GDPR.

Termination

Ensure it is clear in which circumstances the contract can be terminated and how notice to terminate should be served. Make sure you are clear what termination actually means. Will termination end all of your access to the software or just terminate the support and maintenance obligations, leaving you with an ongoing (perpetual) right to use the software unsupported?
Ensure it is clearly set out in the contract what obligations there are on the vendor for returning customer data and other confidential information, including time limits for compliance and the format in which the data is to be returned.

Kathryn Rogers

Partner
Commercial

Download PDF

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_313079883	2 years	This cookie is installed by Google Analytics.
_ga_GJS170D9KM	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_692061_7	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
cusid	30 minutes	ClickDimensions sets this cookie to establish and continue a user session with the site.
cuvid	2 years	This cookie, set by ClickDimensions, is written to the browser upon the first visit to the site from that web browser.
cuvon	30 minutes	ClickDimensions sets this cookie to store the last time a visitor viewed a page.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_hjSession_2563585	30 minutes	No description
_hjSessionUser_2563585	1 year	No description

Pain-free tech procurement

Licensing

The contract

Maintenance

Termination

We use cookies on our site.