I'm not sure I can reflect on any experience that directly relates. However, I would like to comment and also hear from you an update as to this situation.
Unless the terms and conditions of the contract specifically indemnify the other party [that produced the documentation] in relation to errors and omissions in its own documentation, then you have grounds to negotiate a variation for the higher price of the preferred product. Depending on the scale of the change, perhaps it's best to absorb the cost and seek savings elsewhere...
David - you face a challenge experienced by many in the Aerospace/Defence sector, as well as the Engineering/Construction, Oil and Gas, Pharmaceutical and other sectors. All of those sectors have utilized the training content provided by IACCM, as it represents leading and innovative practices in this domain.
I'd be interested to know more about how you define the role. I'm assuming - but perhaps wrongly - that the focus is post-award, but is it then dealing largely with contractvmanagement, or more broadly with performance management? To what extent is this a combined project and contract management responsibility?
• Abu Dhabi National Oil Company (ADNOC)
An organisation like yours has what it takes to develop sub-contract programme managers internally due to the criticality of the service you provide. It was not clear if you tried to employ(source) the sub-contract managers or you tried outsourcing sub-contract management.
You would consider it great to employ these managers as staff for long-term rolling programmes rather contractor employees; except you need them for short-term tasks. You will need individuals with experience project, programme, commercial and contract excellence
You would prefer to contact each of the professional bodies you mentioned directly to make your enquiry. However, from my experience with CIPS and IACCM, both bodies are excellent in their area of specialisation. You won't go wrong partnering with them. APM and RICS would also have a specific focus that you would best explore reaching out to them.
The governance and framework for outsourcing service on-boarding and general service contractor on-boarding would be largely applicable here. The key here is that the SOW's, SLA's and KPI's are clear and complete - but that holds true in any services contract. From what I have seen, SIAM principles are highly relevant here.
what you need to add to the master agreement are clauses derived from Art. 28. I am also doing the same for my Master Agreements. Here is an example,
Obligations of processors (supplier) in particular include:
- To comply with the GDPR data processing principles and to protect the rights and freedoms of data subjects;
- To demonstrate compliance with the GDPR;
- To maintain records of processing activities and make them available upon request by supervisory authorities;
- To appoint data protection officers or representatives;
- To cooperate with supervisory authorities in the performance of their tasks;
- To ensure a level of security by taking appropriate technical and organisational measures;
- Specific obligations as regards transfer of data outside the EU.
In general, an auditor (DPA) should be able to trace data regarding customers. This also include emails, Excel spreadsheets with links to external systems such as financial and banking, etc.
It is not enough to have a supplier follow the GDPR. It is of most importance that your company/organisation is also GDPR compliant. To start with you need to have a DPO.
As mentioned by Amir there are a number of elements to include, and depending on your organisation and the data you are processing you may need to identify a DPO.
Other things you should identify include:
Is the relationship with the supplier a Controller-Processor, Processor-Sub Processor or Controller-Controller.
Is special data being transferred to the supplier?
Will the supplier be exporting data outside of he EU?
You may also want to include an indemnity clause in case the supplier causes you to breach the GDPR regulation.
If you go to the Information Commissionaire's Office website in the UK (ICO.org.uk) there are some excellent guides and information which may assist you (including links to Article 29 Working Party).
Hi, this is not something to answer without knowing more details. Interesting to know is who is the data processor and who the data controller? What kind of data flows will there be? How sensitive is the personal data involved in this.. etc etc.. You may want to look at the liability limits...
• Piotr Powazka
The question is what this deal is all about. There will be a different approach to just shipping some goods vs. complicated outsourcing contract which you process personall data for. Remember that you need to remeber that even contact details stated in the agreement for e.g. contract managers are considered to be under GDPR scope. What my concern is, you very likely act as processor for your customer. The buyer's organization is the Administrator. Did they raise any particular matter.
It looks like you are outside of Europe. GDPR is not only about the DPA to stay compliant. You as a processor have certain duties to fulfill. If your company is not on Privacy Shield list (which in fact may soon become invalid just as Safe Harbour) according to some media news, it could be better to have Standard Contractual Clauses in place.
The topic is very broad and without more details it is difficult to help you.
IACCM conducted a Ask The Expert webinar on this topic, featuring James Mullock of Bird and Bird. His session was highly rated. The recording and James's presentation are in the IACCM Library. Plus, there are a few other resources in the IACCM Library which are relevant. If you have trouble finding these resources, please let me know.
You can also have a look at the Article 29 Working Party webpage - there is a page setting out draft contract provisions that are in line with the GDPR as it is currently being interpreted. You may not want to use the clauses themselves but can use them as a measure for your own inclusions.
There are great challenges in ensuring that long-term relationships deliver benefits to both parties. This is somewhat of a rule, and yet so many contracting professionals ignore this fact when they design the contract and relationship prior to entering them. Poorly anticipated exit rights usually lead to a lose-lose scenario.
We need to ensure contracts and relationships clearly define the exit rights even though we hope to never use them. If the exit plan is defined for both parties, it allows those parties to best determine and demonstrate the value of continuing the relationship.
I guess you need to establish key assumptions and/or minimal functionality or license metrics you need to achieve before you have anything you can benchmark against. Once that is established, you can ask for alternative software solutions which solves your need and then incentivize the best price found. Further you could measure the fulfillment of the key assumptions and have a payment attached to each of them. If the solution is going to introduce a certain workflow you could set pricing according to how fast it is implemented or how much money is saved/earned. If there is a license price and a T&M project, you could say have a differentiated discount scheme based on the number of hours spent. I.e the first X hours are paid at 140%, hours between X -Y are paid at 100% and hours after Y are paid by 50%.
I recommend you look at this article "Time and material vs Fixed price: hot discussion of the best pricing model" - www.cleveroad.com/blog/time-and-material-vs-fixed-price--hot-discussion-of-the-best-pricing-model
Firstly, I suggest to draft a SWs Portfolio document, which will list all the required SWs. SW portfolio will consist of details like SW name, description, area of application, criticality, user applicability, SL% requirements and other optional technical details like program language etc. Each of the listed SWs may be given a percentage split of charges between various applications, summing up to 100% (in this case DKK 0,5 M is 100%). This document can be kept open for addition/deletion for SWs.
Whenever Supplier adds/removes a SW this % split can be used for commercials/invoice purpose. For eg: a SW which falls between 10-25% will have 2% incentive, SW with 25-50% will have 5% incentive etc.
Secondly, SLA is completely depends on how you want specific SW to work for you. In the portfolio, for eg: if some SW is impacting critical users or functions you may set the SLA to required higher percentage and flow-down those SLAs to OEM as well. Also, I would suggest to a research on Pass-through charges, in which the supplier charges a fixed % incentive, but this is possible only if the SWs are fixed.