Whether buying new hardware, upgrading software or implementing a million-dollar association management system solution, at some point each association is going to confront a technology contract. And whether you are drafting your own agreement or, more typically, starting with the vendor’s form of contract, there are certain key legal provisions the management of every association should consider before signing on the dotted line. In addition to completing a robust due diligence effort to ensure your association picks the right AMS vendor - such as through a comprehensive request for proposal process in which you lay out your needs and expected contract rights - here are five key considerations:
SLAs. If you are going to receive services in the “cloud” – the increasingly common arrangement where your association stores and/or accesses software and data through the Internet instead of through your own computers and servers – look for a Service Level Agreement or “SLA.” An SLA is a guarantee by the vendor that its customers can access any software and data during certain specific times (with certain exceptions). An SLA also can be a vendor agreement to answer the phone and fix problems in accordance with a pre-agreed upon schedule. Sometimes SLAs include a remedy like a credit if the vendor does not meet its SLA obligations. Vendors do not typically offer an SLA upfront, so ask for it.
Escrow as insurance. What happens if a vendor stops performing its obligations? Maybe the provider no longer makes software bug fixes or simply goes out of business. If the software or service being provided is critical to an association’s operations or cannot be easily replaced (and especially if the vendor is small or financially shaky), the association should push for a software escrow agreement. An escrow agreement allows a customer to access the source code – the secret sauce of the product – upon the occurrence of certain triggering events and use the code to support its continued use of the vendor’s product. It’s an insurance policy that a customer can continue to use a product even if the vendor disappears from the picture.
Protect your data. With frequent reports of data breaches – usually involving the unauthorized access of personal data like credit card information and Social Security numbers - that can paralyze an organization and cost millions of dollars, it is vital that an organization understands and is comfortable with how its vendors protect its information and that of its members. Whether it’s a cloud service or a self-hosted solution, the association customer, as part of its due diligence of potential vendors, needs to ask each vendor candidate for its data security plan and back up the plan with contract-based compliance guarantees.
Indemnification, indemnification, indemnification. In the technology world, a company (think Apple) will sue another organization (or individual!) if it believes that the organization is using its product or service without proper authorization. Therefore, it is almost without exception a non-negotiable requirement that the vendor agree to indemnify a customer (i.e., pay the customer’s legal fees or provide a legal defense and pay related customer damages) against any lawsuits alleging that the customer’s use of the vendor’s technology is violating a third party’s rights in the same technology. Fortunately, indemnification is standard (although not always freely offered) in practically all technology contracts. And absent a compelling explanation and some alternate protection, vendor refusal to provide this protection is a giant red flag from which a potential customer needs to run.
Get the right rights. Of course, any technology contract is only as good as the rights the vendor gives the customer to use the product or service. So make sure the contract spells out all of the anticipated uses. For example, is use limited to specific individuals or a limited number of users at any one time? Will the product or service be accessed only by employees or will association members use it as well? And does the association customer want to allow an affiliated organization or another association to use the product or service? Finally, make sure your association has whatever copyright rights are necessary to implement the AMS solution, whether a license or assignment so the association will own rights that it pays to develop.
While this is not a comprehensive checklist, the discussion of these considerations with a prospective vendor can be the basis of an agreement that more fully protects the interests of the customer.
This article first appeared in the November 2012 issue of Association TRENDS.