Pain-free tech procurement
If investment in technology is required, here are some top tips to help ensure your procurement process is pain-free:
- Ensure you have clearly identified what your business needs and constraints are before you look for a software product or decide to engage a software developer. Identify potential vendors and products which may be suitable for your needs and consider whether an “off-the-shelf” solution will be appropriate or whether you’ll need a bespoke product.
- Carry out due diligence on shortlisted vendors including: company checks; financial checks; and product reviews. Ask for details of their insurance cover. Speak to other customers who have used the vendor or product to understand their experiences.
- Consider cyber security risks. This may involve: checking whether the vendor holds any certifications; performing penetration testing; carrying out site visits to assess physical security; and requiring the vendor to complete a security questionnaire.
- If you’re taking a licence of the software, check that the licence terms cover all the users who might reasonably be expected to require access to the software, both now and in the future. Check whether the licence restrictions are acceptable. For example, is the licence only for the benefit of a named company or is it restricted to use on a particular computer or at a particular site? Can it be transferred if you sell your business?
- Identify whether the product relies on code or tech from another source. If it does, the vendor’s continuing access to this will need to be assured.
- Ensure that the licence fees are clearly defined. If the fees are linked to usage, is it clear how the fees will be adjusted in the event of an increase or decrease in usage? If the vendor has agreed a fixed fee or discounted fee for an initial period, check it is clear what will happen when that initial period expires.
- Review the performance warranties in the contract. Does the vendor warrant that the software will perform certain required functions or comply with a certain specifications? Are these functions or specifications appropriately documented? Check the exclusions and limitations on the vendor’s liability. Are these acceptable? For example, can you recover your losses in full in the event of a default by the vendor or is your remedy limited to a refund of the purchase price?
- If you use the software to provide services, rather than for internal purposes, work through the scenario where the software didn’t perform as it should – will you be in breach of your customer contracts?
- Make sure it is clear in the contract which party will be responsible for installation and ensuring successful integration and interoperability with other systems. If there will be a period of installation and testing before you can use the software in a live environment, consider whether you need to pay the full licence fee prior to go-live.
- If the software will be tested before acceptance, is it clear what will constitute success? Ensure that the testing regime will accurately demonstrate the way the software will perform in a live environment (including with the volumes the software is intended to handle). If interoperability with other systems is required, ensure this forms part of the acceptance testing.
- Check that the vendor’s maintenance obligations are clearly defined and consider whether the proposed ‘response’ and ‘fix’ times are satisfactory and what escalation and remedy provisions apply if those times are missed.
- Consider how future interoperability issues will be handled. Will the vendor be required to ensure the software is continually updated to keep pace with other system changes? Will this be included in the support cost?
- If the vendor will have access to personal data and will be acting as your data processor, check that the contract contains suitable data processing provisions as required by Article 28 of the GDPR.
- Ensure it is clear in which circumstances the contract can be terminated and how notice to terminate should be served. Make sure you are clear what termination actually means. Will termination end all of your access to the software or just terminate the support and maintenance obligations, leaving you with an ongoing (perpetual) right to use the software unsupported?
- Ensure it is clearly set out in the contract what obligations there are on the vendor for returning customer data and other confidential information, including time limits for compliance and the format in which the data is to be returned.