Appendix A: IP/IT Contract Checklist

  Agreement should contain What it means
1 Software functionality
  • written representations
  • documentation
All solicitation requirements and supplier representations, certifications, verifications must be included in agreement.
2 Service level agreements
  • response time
  • capacity
  • interface compatibility
Include service level agreements where supplier agrees to specific levels of service. If performance is not met by supplier, penalties or discounts should be imposed.
3 System configuration
  • Compatibility
  • Capacity
All supplier representations concerning system configuration and compatibility (current, not future state) should be specifically included in agreement.
4 New software
  • Upgrade path
  • Will it work?
If system is or requires new software development, detail supplier's responsibility to ensure it performs as promised with current platform.
5 Anti-virus protection
  • Upon delivery
  • In use
The agreement should include how the antivirus component will work and when it will be fully operational.
6 Anti-vaporware protection
  • Does the product exist?
  • If not, when?
Same as above.
7 Intellectual property ownership
  • Upon delivery
  • In use
  • In bankruptcy
IP ownership and usage/access rights should be clearly defined in the contract. Supplier may own all rights when system delivered, but who owns customizations and who owns in the event of supplier's bankruptcy?
8 Regulatory compliance
  • Federal
  • State
If system is required to follow certain federal or state regulations or requirements, include them in agreement. If supplier warrants full compliance, that should be included as service level with requisite discounts or penalties resulting from compliance failure.
9 Change of date warranty
  •  New year
  •  Other significant dates
If data or system is date reliant, these requirements and supplier's agreement that system will meet them should be included.
10 Limitation of liability
  • Penalties
  • Caps
Make sure supplier agrees to liability if: 1) system fails; 2) system has to be replaced; 3) system failure affects other systems or transactions, etc.
11 Supplier indemnifications
  • Negligence
  • Willful acts
All suppliers providing services to the Commonwealth should be required to indemnify the Commonwealth for the negligence or willful acts of its employees, agents, etc.
12 Scope of use
  • Number of sites
  • Number of users
  • Customers
  • Third parties
Scope of license use should be very specific and included in agreement. Commonwealth, if possible, should have perpetual, non-revocable, transferable and unlimited license.
13 Conversion
  • Initial phase
  • Planning and documentation requirements
  • Exit strategy
Include supplier's plan for system conversion, if any. If contract is terminated or upon system failure, describe supplier's exit plan.
14 Modifications
  • Upon agency's request
  • Upon regulator's request
  • Upon supplier's request
Define who can request modifications. Describe modification process and change control management process for complex projects. All modifications must be in writing and signed by both parties.
15 Acceptance testing
  • Standards
  • Payment
Detail acceptance criteria (functional and technical) and how system must perform to meet acceptance. List milestone events; i.e., delivery, installation, acceptance testing, etc., that trigger milestone payments.
Define what constitutes final acceptance and final payment.
16 Access to data
  • Customer owns data
  • Backing up data
Specify Commonwealth's rights to data if hosted, continued ownership in data, backup and storage requirements.
17 Security
  • Customer services
  • Related networks
Detail supplier's responsibility for security compliance, access and reporting security issues. Suppliers are responsible for compliance with Commonwealth security policies, standards and guidelines. Security compliance may be a service level in the agreement.
18 Costs and fees
  • Most favored nation
  • Caps on increases
All prices should be agreed to up front and included in agreement. Include caps on price increases. Require supplier to provide same prices to Commonwealth as to any other customer.
19 Confidentiality
  • Post-termination
  • Confidentiality agreements
Specify supplier's responsibility to maintain confidentiality of Commonwealth systems, data, information, etc. Do all of supplier's employees sign confidentiality agreements? What if supplier breaches confidentiality?
20 Employees
  • Hiring and exit procedures
  • Account managers
Can Commonwealth hire supplier's employees? What is procedure for removal or non-performance of supplier's employee?
21 Priority
  • SLAs
  • Timelines
Agreement should establish which service levels have priority. Supplier's priority should be to maintain service levels with minimum disruptions to business continuity and compliance with security procedures. Include performance criteria, reporting and incentives/remedies/penalties.
22 Rights to software
  • Escrow
  • Modifications
Who owns software? Who owns licenses? What rights do licenses confer? Who owns customizations and modifications? These should be agreed upon and included in agreement.
23 Assignment
  • To affiliates
  • To merged entities
Assignment should require mutual written consent and notice. Include who licenses or software can be assigned to.
24 Disaster recovery
  • Procedures
  • Scope
  • Periodic testing
  • State of readiness
  • Replacements and upgrades
The agreement should detail supplier's responsibilities for disaster recovery. Procedures should be in writing and supplier should be required to test disaster recovery procedures on a specified schedule.
25 Maintenance agreements
  • Updates, modifications and new versions
  • Separate contracts
Will supplier maintain software after warranty period? For how long? What does maintenance include? Will maintenance agreement be a separate contract?
26 Bankruptcy
  • Create present rights
  • Escrow agreements
Detail each party's ownership and license rights in the event of supplier's bankruptcy.
27 Termination
  • At customer's option
  • Upon bankruptcy
  • Breach/default
  • Non-appropriation of funds
  • Transition of services
Agreement must provide for agency's ability to terminate the contract. The Commonwealth does not allow suppliers to terminate agreements as this will interfere with our ability to provide public services. A transition plan and supplier's transition support should be included.