Paul Longhurst writes…

3Kites has worked on many software selections in the last 16 years and our advice to clients is to use our trusted friends at Kemp IT Law (KITL) to negotiate the contract side of things. 

Many heed this advice but some will think it saves money to keep this in-house. My response is that this may be the only time your lawyer has reviewed a DMS, PMS, IT Services (or similar) contract whereas the team at KITL have done this multiple times and know many of the pitfalls to avoid through experience. Hitting an unforeseen issue here can be costly or worse, affecting a firm’s ability to operate.

Just recently, we have heard of firms struggling to access data as they leave one cloud provider for another. This is but a single example of situations that we jointly anticipate by a) 3Kites asking relevant questions in our RfP (tender) document and b) KITL assessing contract termination terms in its review.  At this point, I will hand across to Richard Kemp to explain more about the contract review process KITL undertakes for its many law firm clients….

We have heard of firms struggling to access data as they leave one cloud provider for another

Richard Kemp writes…

Thanks Paul – the key thing in our experience is for the firm to have a clear idea of what it wants in contractual terms from their new system, and then to be able to assess and manage the gap between that and what the vendor is committing to provide.  

The start point here is the vendor’s RfP responses as clarified in subsequent discussions, and the end point will be what the vendor’s contract actually says (after all the sales talk). Working with our law firm clients and leading vendors on the other side of the table, we have a pretty good idea of what’s achievable in managing that gap.

The normal process is for vendors to agree favourable pricing terms on the basis that the deal is papered by month or quarter end, failing which the price will increase.  Vendors tend to stick by this (sales commissions hang on period end signings), and contract negotiations can get quite intense in the run up to signature. 

This, plus the fact that vendor terms continue to harden in the marketplace, means that firms may have important decisions to take in short order and under time pressure. The best way in our experience to manage this is to ensure that the firm’s decision makers are available to make the necessary decisions during the two to three week period before signing.

A good internal process will go a long way to ensuring a good deal for the firm, but what about the substantive points?  Some observations:

• If it’s a cloud deal, make sure you understand the boundaries of what your vendor is, and is not, responsible for. If you’re buying a SaaS, who looks after what at the border between the SaaS provider and the platform and hosting vendor?  The graphic (see below) is a useful representation of how it all fits together as you move from on-prem to in-cloud at different levels of the stack.
• What are you buying? In a cloud SaaS deal, you’re really buying a room at the vendor’s hotel where the service level agreement (SLA) is the product, and there may be little scope to negotiate. Does the SLA give you what you need? The vendor is likely to want service credits (which are generally paltry) to be the firm’s only remedy for service failures. Consider elevating this to a right to terminate for breach if there are sustained outages.
• Return of data. As Paul suggests, make sure you have a practical route to getting your data back (ideally during lifecycle as well as at contract end) to avoid lock-in. What form will you receive the data in and where will you receive it?
• On-prem to in-cloud migration during lifecycle. If you’re likely to be migrating the service from on-prem to in-cloud during contract lifecycle, make sure you’re not paying twice for the same thing (comparing on-prem and in-cloud pricing isn’t really comparing apples with apples) and that you get assistance (which you’re likely to have to pay for) from the vendor. 
• GDPR. GDPR compliance in tech contract settings is getting more complex, and GDPR terms increasingly account for 25-50% of the page count in a law firm cloud contract deal. Particular areas of focus are the controller/processor boundary, third country transfers and high risk activities. Don’t forget the Data Protection Impact Assessment (DPIA)! 
• Liability. On the liability clause, vendors are increasingly seeking to impose an exclusion of indirect loss and a cap on direct loss of 12 months’ charges. Do you need a higher cap for loss of data, breach of confidentiality, security or GDPR duties?
• Client and insurer requirements. Finally, we’re seeing client engagement and insurers’ terms becoming more onerous and intrusive around firms’ IT systems and information security generally, so do make sure new systems align with these requirements. 

Allowing the time to get these knotty issues right in what can be a pressured run up to contract signature can make all the difference between a successful and a runaway project. 

Paul Longhurst is a director of 3Kites and Richard Kemp is a partner at Kemp IT Law. This is the tenth article in the series Navigating Legaltech

--------------------

About 3Kites and Kemp IT Law
3Kites is an independent consultancy, which is to say that we have no ties or arrangements with any suppliers so that we can provide our clients with unfettered advice. We have been operating since 2006 and our consultants include former law firm partners (one a managing partner), a GC, two law firm IT Directors and an owner of a practice management company. This blend of skills and experience puts us in a unique position when providing advice on IT strategy, fractional IT management, knowledge management, product selections, process review (including the legal process) and more besides. 3Kites often works closely with Kemp IT Law (KITL), a boutique law firm offering its clients advice on IT services and related areas such as GDPR. Where relevant (eg when discussing cloud computing in a future article) this column may include content from the team at KITL to provide readers with a broader perspective including any regulatory considerations.