For most of us, negotiating contracts and reading legal
language rank at about the same level as hitting our thumb with a hammer--twice.
Luckily for you and your agency, you do not have to because BIT has staff to do
that for you. Your agency Point of Contact (or POC) can
help with appropriate technical contract
language.
When beginning the technology review process for the first time,
you may get the sense that it is
complicated. It can be, but that is because the information and
technology industry is complicated and changes rapidly. Signing a
contract or making a significant purchase without the support of BIT may seem
like a good idea at purchase time because the process may move faster with just
you and a smiling salesperson in the room. However, unless you have a
solid understanding of current technology trends, what may seem like a harmless
contract agreement can result in expensive surprises for you, your business and
ultimately the citizens of this state.
The most important thing you can do to make the process as painless as possible is to engage your BIT POC before you publish a Request for Proposal (RFP), ask
for bids, or in any other way ask for a price quote from a vendor. When you show a vendor the applicable terms
at the same time you ask for costing, more often than not they will
accept the terms up front to get your business. In those few cases where they won't accept the terms, they will generally
limit their objections to just a few items. Contact your BIT POC to arrange a
technician-to-technician discussion to work out the details on valid cost information and IT-related legal
terms.
Items BIT takes into consideration
for you during the technology review process:
- Disaster Recovery (DR)
- Continuity of Operations (COOP)
- High availability computing (HA)
- Hypervisors (the cloud)
- Physical hardware limitations (cores, processors, MSUs, sockets)
- Network protocols
- Security controls, risks, scans, threats and defenses
- Patch cycles and processes
- Licensing considerations
- Audit requirements
Each section of the contract has clauses for specific
purposes. The HIPAA section contains only those terms recommended
by the federal government for all contracts associated with HIPAA systems or
data. The terms in the Hosting section apply when an outside
vendor hosts your system rather than using the existing state infrastructure. The terms in the federal tax information section apply only to projects involving federal tax information.
You do not need to engage your BIT POC when:
- Making a technology purchase off an existing state contract.
- Buying a single desktop license for a one-person application. In these cases, a moratorium request is processed.
Often vendors will resist clauses that hold them accountable
or that grant you the ability to determine whether they are handling your data,
and our citizens’ data, in a responsible manner. We have found nationally
known vendors who, on close inspection, were putting their clients’ private
data at risk due to poor security standards. We have also had vendors
who, after several years, have come back to the state and attempted to levy
fines and fees made possible due to weaknesses in contract language.
The bottom line is that if a vendor resists the clauses contained in the technology template, it raises a red flag and must be investigated. Red flags reveal significant business risks
that you need to understand in order to make an informed buying decision. A vendor may have legitimate business reasons to object to any of the clauses
or other contract language, and if that is the case, a meeting can be held with
the vendor and your IT advocates at BIT to help determine that and weigh
other solutions.
The BIT POCs are here to help you through the technology review process, whether it is documenting a Memorandum of Understanding (MOU), working
together on a contract, drafting and finalizing a Request for Proposal (RFP) or
reviewing a Purchase Order. Our staff
can assist with the review of technology purchases to allow for fiscal
responsibility in keeping costs as low as possible and helping to maintain a
secure and reliable avenue for the State of South Dakota's technology needs.