Yes I agree, please share with me, I would like to see the legislation and I have recently observed the change in contractor's attitude in negotiation from UK.
• Ministry of Justice
The most recent change is the implementation of the European Directives into UK Law, through the issue of the 2015 Public Contracts Regulations. This dictates Government procurement rather than standard commercial arrangements. Section 83 indicates a minimum contract record retention of the contract duration where they are over a certain value: As most contracts have an extended liability life of at least 6 years and as we have a wider obligation to maintain public records, then policy in my government Department is to err on the side of caution and retain for 6-7 years. The legislation is found here: www.legislation.gov.uk/uksi/2015/102/pdfs/uksi_20150102_en.pdf
Sharon, what is the context of your question? Most companies I've seen have a fairly robust process for screening suppliers. Depending on the nature of the business and the agreements you have with your customers, your company's risks for the supply chain may vary.
This is a common problem. Many of the relationships with indirect suppliers are less formal and may have been in place for years, leading to resistance over use of standard templates.
It is of course important to establish whether the issue is just general resistance or whether the standards are not really appropriate to the range of indirect relationships required, or lack required flexibility.
We do have benchmark data at IACCM on cycle times and will be issuing reports on the latest information at the end of April. It should be possible to provide interim data if you need it sooner.
• Alcatel Lucent
Internal Template application rather than the one of the supplier is usually a requirement; nevertheless the real issue behind is do we protect ourselves correctly. Legal usually is validating a template that he wants every contract manager to apply. As legal resources are scarce and expensive resources it is obvious that this is the first thing that should be pushed. Once you know that he does not work the more complex but more interesting solution for the company is to look at the mandatory clauses that are requested from the contract. So instead of pushing your template you should fight on the mandatory clauses. Fall back position should be created as a handbook of best practices.
• Dept of VA
Templates, while easy to copy and work with, present a challenge to many companies in part because the template is usually written from one side or the other, providing all the advantages to the author's side and none to the recipient. This is frequently seen in EULAs, where the equivalent of "Not only do we have all the rights, but you are lucky we let you use our product at all, you horrible little vendor!" is common contract parlance.
So how do you overcome the natural inclination of a vendor to resist your templates? The same way you advertise anything else!
Make the option of using your product (the templates) both appealing and advantageous to the vendor. When sending internal templates to a vendor for use, do not present them as a "use or lose" option. Instead, deliver the items with the contracting equivalent of a box of chocolates: Provide vendors a summarized explanation of the benefits offered through using your templates. Bullet-oriented briefs are more effective here, as they provide not only a quick list for the vendor to read, but a point-summary for the vendor's contract manager to use in presenting the overwhelming benefits offered by your templates to their management.
Explain (again in short form) the potential realized cost savings of template use, including ease of follow-on contract development by way of utilizing your "easily-tailored, customer-specific templates." Make every effort to ensure using your templates is so much easier than having the vendor's contract department reinvent the procurement wheel that the vendor (who at this point you should view as your customer) would actually be acting against their own best interest to do anything other than to use your templates.
As M. Fouquier rightly points out, the usual greatest challenge is getting your templates past the legal department guardians. Providing a brief mandatory clause list may be a more advantageous initial step, as it tends to ease legal's protective instinct toward its client(s). Once you present not merely a palatable offering of clauses, but a tasty array of work-easing options to the vendor (and the vendor's legal counsel), your job is 90% done. Offering updates and non-critical individual tailoring options (which would not, of course, change the mandatory clauses) gives the vendor the personalized attention so critical to obtaining their final approval. It is the after-dinner aperitif of contracting: "Not only do we offer all these options, but our true focus is on YOU."
Granting the vendor a choice of either (a) using your banquet of templates designed to ease their workload or (b) going through the tedious grind of negotiating back and forth on every item for months makes you and your templates the obvious and preferred choice every time.
I attended a tech conference this week and this issue came up in the context of shadow IT and differing strategies around stopping unauthorised tech services.
The responses differed but the most interesting response was from a health company which employs lots of young people and had a constant problem with shadow IT. They have solved the problem by putting all data sensitive apps into a locked down environment and opened up for other services that employees wanted to do their jobs. While they did not mention the licensing issues maybe the answer is that with the SaaS offerings they can be easily cancelled. Maybe a policy for an organisation could say ok for the company to pay for a SaaS in the allowed open zone but individuals take on the related legal obligations.
Some corporations monitor which suppliers are most often used and negotiate master terms that acknowledge the click-through terms are overridden by the negotiated terms of the master agreement.
It isn't a perfect solution, but it can generate a high proportion of coverage.
The answer on this, unfortunately, will be that it depends. That is, it depends on what the IP clause in the contract specifically states. Do you have a specific contract or clause that applies to this situation?
The clause reads as standard;
"all Intellectual Property conceived or made by X in the course of providing the Services shall belong to Y."
The problem is that the project is being funded by a third party, and part of our agreement with that third party is that they will own all IP arising from the project. We are contracting with another party to deliver one element and our funder is asking that we name them as the owner of IP in the abovementioned clause in the contractual agreement between us and the other party.
Usually the only parties that have any rights to the IP are those parties to the contract. Should another party want access to the IP then the best way to protect the first two parties is that the third also becomes a party to the contract or another way is that the third party enters into a confidentiality agreement with the first two parties explicitly for the purposes of accessing the IP.
In your case you might need the separate agreement as the people you have contracted to may not want to share or assign any rights to their IP with the project financier.
I assume you refer to the indemnification clause in the context of third party claims, correct? Whether a breach is considered material or not remains a question for the courts (at their discretion). However, typically in the context of SW agreements, material breaches would include breaches of IP and breaches of confidentiality/privacy. As software vendors, we consider a breach of payment to be a material breach but, again that is subjective and subject to interpretation. I would not agree to this change if I were you because this creates risk uncertainties to your disadvantage as a software vendor.
A friend of mine works in the same organisation as you (as a Contracts manager with a legal background) and is an IACCM member so, if you want, I can ask him to contact you and perhaps you guys can discuss this matter internally. Let me know.
All the best.
• Hewlett-Packard Company
Please contact the Office of the General Counsel for assistance in these matters. We are here to help. If you are in the US, feel free to contact me directly.
David, as you are probably aware, MFN clauses are inevitably problematic unless there are independent sources of price comparison. In many cases, even if there are research companies offering data, the most highly negotiated deals are protected by confidentiality undertakings. And even when some data can be accessed, it is usually possible for a supplier to claim that price differences reflect other differences - for example, in risk allocation, availability, volume or term of agreement etc. In my experience, MFN clauses are of limited meaning or value.
However, this does depend to some extent on how much you trust the integrity of your supplier and also you should be clear about your own goals. For example, do you really need to have better prices than all other customers, or is your real sensitivity that you want better prices than your competitors? Must you really be best, or perhaps it is sufficient to be in the top 5 or 10%.
You might make such a provision subject to periodic confirmation by the supplier, making it clear that misrepresentation would represent a fundamental breach of the agreement. You can require independent audits, though few large suppliers will agree to this and the cost may be prohibitive. You could commission periodic research which, depending on the market and the nature of the service, may yield practical results.
I would suggest that your real concern here is that you want to ensure pricing remains fair and reflects market trends. Often the only way to test this is by regular market testing via competitive bidding. Such an approach has little attraction for you or the supplier - it is expensive and potentially disruptive. So you might consider a clause modelled around the principle that the supplier has responsibility to demonstrate not only that your prices are the best they offer, but also that they are among the best available in the market. But again, be cautious that in your focus on price you do not lose sight of broader issues of value. There will always be someone cheaper, but what is the cost associated with 'being cheap'?
Thanks for your comments Tim. In this case, we are actually the supplier who has (unfortunately) agreed in the past to include a MFN clause in certain ongoing agreements. This was done so at the absolute insistence of a handful of our customers. While we readily see the downside of agreeing to such a restriction, it's amazing what gets negotiated at the 11th hour when finalizing a deal with a major client! In any case, we are now faced with creating some validation analysis that would support our adherence to the "spirit" of the clause. What makes it difficult is that the services that we provide (market research) have some common aspects across clients, but no 2 packages are exactly alike. While this may ultimately be our saving grace, we do feel the need to prepare some form of validation in case one of these customers requests an audit of some kind. At this point we are doing our best to note both the common aspects across specific client deals, as well as outlining the variables that might affect the ultimate prices we charge. While we feel that we are in full compliance with the clause, providing evidence of this for our customers is proving to be a bit of a challenge.
• Sodexo SA
David, A useful comparison may be drawn between your situation and the delivery of FM in the PFI market, where benchmarking is a standard requirement.
It is normal practice in such scenarios to make 'adjustments' (e.g. adjusting for the size of buildings, No of occupants etc) to comparators so that the benchmarking exercise is 'fair'. Whilst this is an inexact science it is an attempt to demonstrate compliance. This type of approach can be dismissed by a client, but ultimately if the client chooses to be difficult they could reject any approach you take.
Demonstrating different options to them will show your willingness to work with them and may encourage them to engage in dialogue about what will satisfy their concerns.
David, I agree with John's observation. Given that there is rarely - perhaps never - an exact 'like for like', comparisons will always have a degree of subjectivity. It is good that you make efforts to validate your position.
As mentioned in my previous reply, you may want to think about alternatives with the customer and discuss their real concerns. In particular, if you can build confidence over the market competitiveness of your pricing, there is potential for a 'win-win' by avoiding the need for future competitive bidding as a method of validating your price. This seems to me a much more productive and relevant discussion. Meantime, I think just continue your monitoring.
Sabine, a very interesting question! I am sending this to a few members who will certainly know the answer. I also wonder how much this provision differs from requirements by other regulatory authorities - for example in US or UK - and will research that point as well - plus how the banks are then handling it.
Many thanks, Tim. Looking forward to your and others' feedback on this point. Best, Sabine
Sabine, here is a reply from Jihong Chen at Zhong Lun law firm:
It is really one of the hottest topics among multinational IT companies. The story is very long. One latest update is that the China Banking Regulatory Commission released a new circular on Feb 12, 2015, which clarifies that:
1) The implementing rules for recording of source code are still under research. CBRC will solicit comments from all sides and then implement them;
2) As to the requirement for independent IP for pre-installed software, it only requires IP certificate or legitimate source document;
3) There is no country difference.
Escrow of source code might be acceptable by CSRC as the final solution.
And another ....
Look at the link below for some background and additional context on the issue.
Also, according to a UK Financial Times report on 25 Feb, companies in Europe and the US have gathered together, requesting that government take action against the CBRC guideline on secured and controllable technology.
And to add to the series, this excellent outline of issues and status has been provided to us by law firm Baker & McKenzie:
The following notices on "secure and controllable" technology have been issued thus far:
1. Notice Concerning the Use of Secure and Controllable Information Technology to Strengthen Internet Security and Informatization in Relation to Banks (Yinjianfa No. 39 of 2014 ((2014) 39)) ("CBRC Notice No. 39")
The China Banking Regulatory Commission ("CBRC"), National Development and Reform Commission ("NDRC"), Ministry of Science and Technology ("MOST") and Ministry of Industry and Information Technology ("MIIT") jointly issued CBRC Notice No. 39 on 3 September 2014. Although the scope of addressees does not expressly include Chinese branches of foreign banks, the document is required to be delivered to banks and financial institutions which are independent legal persons. We are of the view that if the foreign invested bank is a registered legal person in China, it is likely to be subject to CBRC Notice No. 39.
CBRC Notice No. 39 sets out policy statements by the CBRC, concerning the use of "secure and controllable" information technology in the banking industry. The key points in CBRC Notice No. 39 pertaining to cyber-security are as follows:
* CBRC Notice No. 39 requires that from 2015, the proportion of "secure and controllable" information technology over the total information technology products and software used by each bank should increase at least 15% each year, and reach a minimum of 75% in 2019. The "secure and controllable" information technology products and technologies newly added in 2014 may be included in the calculations for the increase used in 2015.
* CBRC Notice No. 39 appears to suggest that in the selection of information technology products and technologies by banks, at least one "secure and controllable" domestic product or technology has to be considered in the selection and testing process where one exists.
2. Guideline on Advancing the Application of Secure and Controllable Information Technology in Banking Industry (Yinjianbanfa No. 317 of 2014 ((2014) 317)) ("CBRC Notice No. 317")
CBRC Notice No. 317 was jointly prepared by the General Administrative Offices of the CBRC and MIIT and circulated on 29 December 2014. As with CBRC Notice No. 39, this document is likely to apply to any foreign invested bank which is a registered legal person in China.
The document contains, inter alia, an annex which sets out the scope of the requirements for "secure and controllable" information technology products and technologies across various product categories, as follows:
* Computer equipment
* Network equipment
* Storage equipment
* Security equipment
* Common software
* Specialized software
* Automated equipment
* Terminal equipment; and
It appears that similar requirements for "secure and controllable" information technology have been introduced to banks in the past. However, these requirements were not closely adhered to due to the lack of implementation details. Given that CBRC Notice No. 39 sets forth formal requirements and CBRC Notice No. 317 provides for implementation details and procedures, banks may now feel more compelled to take the necessary actions to comply with the "secure and controllable" requirement.
With regard to enforcement measures, the CBRC conducts annual audits on banks (at least to the level of State-owned banks and joint-equity commercial banks) to evaluate all aspects of the banks' operation and risk control, and issues audit reports requesting a written response from banks addressing each issue and indicating correctional measures. In addition, the CBRC conducts a larger scale audit on banks every 3 or 4 years. The banks' implementation of the requirements for "secure and controllable" information technology will now be included in such audits for review and assessment.
On 12 February 2015, the CBRC issued a clarification document which provides that the research on how to proceed with the recordal of source code is still ongoing. The mode and process of recordal will only be implemented after the opinions of relevant stakeholders have been sought.
We understand that there have been discussions regarding the promulgation of umbrella laws or regulations relating to internet verification and testing. It is unclear when these umbrella laws or regulations will be issued. However, if it is to be issued as a law, this will require promulgation by the National People's Congress ("NPC") or its standing committee.
If however the umbrella rules will be issued by way of regulations by the State Council or a Ministry, the amount of time required to promulgate the new rules will take a shorter period of time, as it will not need to undergo the legislative process required in the case of passing of laws by the NPC.
It is unclear what these umbrella rules will encompass. However, we expect the umbrella rules to provide more details as to the (a) scope of products subject to the "secure and controllable" requirements; (b) nature of the testing and recordal requirements; (c) type of entities that will be required to purchase "secure and controllable" products and technologies.
Based on the CBRC Notices above as well as the press articles, we anticipate that the umbrella rules are likely to include encryption testing requirements as well as recordal requirements for source codes. We expect these rules will apply to banks (since these are already covered by the CBRC Notices discussed above). However, it is also not beyond the realm of possibility that the "secure and controllable" requirement will also apply to products and technologies purchased by government bodies, the army, key State-owned enterprises, and potentially academic and research institutes in sensitive areas.
Please note that there is no draft regulation at this time available to the public and our views above are based on the ongoing discussions in the press and from our review of the CBRC Notices, as well as our understanding of the cyber-security regulatory environment in China.
China's impending cyber-security measures have not been well-received by U.S. businesses. In a letter addressed to Chinese cybersecurity officials and signed by U.S. associations including the U.S. Chamber of Commerce, these standards were described as overly broad and discriminatory. The stricter cyber-security standards could thereby limit the range of US products available to Chinese businesses. The groups have implored the Chinese authorities to delay the implementation of the measures and grant an opportunity for discussion between interested stakeholders and the agencies responsible for the initiatives.
Additionally, the business lobbies have also sent a letter to American officials, including Secretary of State John Kerry, requesting the White House to work with Chinese officials to reverse China's new cyber-security regulations. In response, President Obama has pledged in the National Security Strategy to take necessary actions to protect U.S. businesses and defend U.S. networks against cyber-theft of trade secrets for commercial gain by the Chinese government.
I hate saying depends but you might want a lot of IP clauses or very few depending on the seat you are in.
A good approach is to start with a blank piece of paper, imagine the delivery is occurring and consider how you might answer a series of questions from the Board, then check if the contract has the answers. If not, it should.
Questions might include:
Who can make one of these again?
Who owns the plans, diagrams, blueprints, samples when all is done?
Are the plans etc trade secrets and subject to a range of different types of copyright and who has ownership and/or has licence rights?
If repairs or rectification are needed, who has a right to access plans, drawings etc. to get work done?
More suggestions for questions and issues to tick off?
• Nexen Energy ULC
My experience has led me to asking an EPC company to expressly list what in the scope of executing this contract they feel is their intellectual property. From that list I would find out what has patents/licenses associated with it and either reject or negotiate the balance.
It is a reasonable expectation that a contractor would limit the use of its work product solely to the contract's stated purpose. WRT IP, I always want the contractor to give us a royalty free, non-irrevocable license to use their IP for future projects and use what info (drawings, etc.) they have given us for the maintenance and repair of the work product.