Appendix B: IP/IT Contract Checklist
| checklist item number | Agreement should contain | What it means | √ |
|---|---|---|---|
| 1 | Software functionality
|
All solicitation requirements and supplier representations, certifications, verifications must be included in agreement. | |
| 2 | Service level agreements
|
Include service level agreements where supplier agrees to specific levels of service. | |
| 3 | System configuration
|
If performance is not met by supplier, (current, not future state) should be specifically included in agreement. | |
| 4 | New software
|
If system is or requires new software development, detail supplier's responsibility to ensure it performs as promised with current platform. | |
| 5 | Anti-virus protection
|
The agreement should include how the antivirus component will work and when it will be fully operational. | |
| 6 | Anti-vaporware protection
|
Same as above. | |
| 7 | Intellectual property ownership
|
IP ownership and usage/access rights should be clearly defined in the contract. Supplier may own all rights when system delivered, but who owns customizations and who owns in the event of supplier's bankruptcy? | |
| 8 | Regulatory compliance
|
If system is required to follow certain federal or state regulations or requirements, include them in agreement. If supplier warrants full compliance, that should be included as service level with requisite discounts or penalties resulting from compliance failure. | |
| 9 | Change of date warranty
|
If data or system is date reliant, these requirements and supplier's agreement that system will meet them should be included. | |
| 10 | Limitation of liability
|
Make sure supplier agrees to liability if: 1) system fails; 2) system has to be replaced; 3) system failure affects other systems or transactions, etc. For all major IT projects, supplier liability should not exceed twice the value of the contract. |
|
| 11 | Supplier indemnifications
|
All suppliers providing services to the Commonwealth should be required to indemnify the Commonwealth for the negligence or willful acts of its employees, agents, etc. | |
| 12 | Scope of use
|
Scope of license use should be very specific and included in agreement. Commonwealth, if possible, should have perpetual, non-revocable, transferable and unlimited license. | |
| 13 | Conversion
|
Include supplier's plan for system conversion, if any. If contract is terminated or upon system failure, describe supplier's exit plan. | |
| 14 | Modifications
|
Define who can request modifications. Describe modification process and change control management process for complex projects. All modifications must be in writing and signed by both parties. | |
| 15 | Acceptance testing
|
Detail acceptance criteria (functional and technical) and how system must perform to meet acceptance. List milestone events; i.e., delivery, installation, acceptance testing, etc., that trigger milestone payments. Define what constitutes final acceptance and final payment. | |
| 16 | Access to data
|
Specify Commonwealth's rights to data if hosted, continued ownership in data, backup and storage requirements. | |
| 17 | Security
|
Detail supplier's responsibility for security compliance, access and reporting security issues. Suppliers are responsible for compliance with Commonwealth security policies, standards and guidelines. Security compliance may be a service level in the agreement. | |
| 18 | Costs and fees
|
All prices should be agreed to up front and included in agreement. Include caps on price increases. Require supplier to provide same prices to Commonwealth as to any other customer. | |
| 19 | Confidentiality
|
Specify supplier's responsibility to maintain confidentiality of Commonwealth systems, data, information, etc. Do all of supplier's employees sign confidentiality agreements? What if supplier breaches confidentiality? |
|
| 20 | Employees
|
Can Commonwealth hire supplier's employees? What is procedure for removal or non-performance of supplier's employee? | |
| 21 | Priority
|
Agreement should establish which service levels have priority. Supplier's priority should be to maintain service levels with minimum disruptions to business continuity and compliance with security procedures. Include performance criteria, reporting and incentives/remedies/penalties. | |
| 22 | Rights to software
|
Who owns software? Who owns licenses? What rights do licenses confer? Who owns customizations and modifications? These should be agreed upon and included in agreement. | |
| 23 | Assignment
|
Assignment should require mutual written consent and notice. Include who licenses or software can be assigned to. | |
| 24 | Disaster recovery
|
The agreement should detail supplier's responsibilities for disaster recovery. Procedures should be in writing and supplier should be required to test disaster recovery procedures on a specified schedule. |
|
| 25 | Maintenance agreements
|
Will supplier maintain software after warranty period? For how long? What does maintenance include? Will maintenance agreement be a separate contract? | |
| 26 | Bankruptcy
|
Detail each party's ownership and license rights in the event of supplier's bankruptcy. | |
| 27 | Termination
|
Agreement must provide for agency's ability to terminate the contract. The Commonwealth does not allow suppliers to terminate agreements as this will interfere with our ability to provide public services. A transition plan and supplier's transition support should be included. |
Search the manual by key words or common terms.