The Importance Of Audit Rights In Vendor Contracts
CIOReview

Richard Martinchalk, Assistant Vice President, Software Licensing and Compliance Manager, Hancock Whitney

If good fences make good neighbors, as written by Robert Frost, then good contracts make good business partners. The building blocks of contracts are their clauses and this article will review the Audit Clause, the Termination Clause, and the Indemnification Clause as they pertain to software licensing.

Audit Clause:

The audit clause is a front-line defense that needs to be included and reviewed for nearly every software manufacturer in order to mitigate overall risk. Failing to define audit conditions can result in undue burden and accentuated negative outcomes.

Examples that I have seen of a poorly constructed audit clause include payment of licenses for non-compliant software that includes penalties for back maintenance extending beyond 12 months, required license procurement to shore up the licensing deficit at retail costs rather than at the negotiated discount rate, and significant disruption to daily business function.

Typically for audit clauses I recommend that they have the following terms:

• License review (Audit) limited to no more than once per 12 months

• Preservation of currently enjoyed discount for non-compliant findings

• Audit costs shared only if non-compliance exceeds 5 percent

• Back maintenance, if required, limited to 12 months

• Non-intrusive to daily business function

• No installed tools or scripts (often this is not possible but it would be a strong preference)

Termination Clause:

The termination clause outlines the manner in which the dissolution of the executed agreement should proceed. Typically, there are requirements to inform the vendor of your intent prior to termination, a requirement to delete or destroy licensed materials, and a request to provide certification that the termination conditions have been met. It’s imperative that these requirements are understood and followed within the spirit of the contract in order to avoid unwanted continuation of the agreement or becoming entangled in a procedural dispute.

Things to consider:

• Understand termination conditions

• Prohibit vendor termination of convenience if possible

• Reduce required notification for you and increase required notification for them (not always possible, the preference is for the notification terms to be equal, but you’re relying on their service)

• Recognize need to certify destruction of licensed material - (often overlooked and not done)

• Think in advance about replacement/migration strategy for business-critical applications – enhanced by manipulation of termination notification requirements

Indemnification Clause:

In my experience, the indemnification clause is often misunderstood. Its presence in a software agreement is non-optional, as it is the primary defense against intellectual property infringement claims. If IP owners believe, legitimately or illegitimately, that their IP is being incorporated into a third-party product without attestation or compensation, they can decide to protect their IP through legal recourse.

If using a third-party tool, not created in house, the creator of that tool needs to ensure they are not utilizing IP that they do not own. The burden of defense should lie with them.

• Not an optional clause; MUST be included in the contract

• Indemnification, if included in the contract, will likely be bi-directional; ensure that your interests are adequately covered

• Confirm Limitation of Liability is not applied for Indemnification issues, unless you’ve negotiated a significant increase to LoL that would sufficiently cover an IP dispute

• Indemnification language is largely boilerplate at this point; not a lot of need for redlining

I am not a lawyer and this does not constitute legal advice. Please always seek the guidance from your legal department regarding contractual issues.
