Wait! Before You Go…

In the evolving landscape of IT procurement, a significant shift has occurred with vendors being increasingly prescriptive and often insisting on their own “standard terms” as the baseline for agreements. This trend raises an important question: Is the customer’s contract paper still relevant?

As IT lawyers representing primarily IT services customers, our stance is unequivocally affirmative – YES, the customer’s contract paper is still relevant. Here is why:

1. Alignment with Specific Needs and Customer-Specific Regulatory Requirements

Customer-driven contract papers are meticulously crafted to address the unique requirements and risk profiles of the customer. Vendor standard terms, while efficient for the vendor, may not adequately capture the specific needs or mitigate the risks faced by the customer. A customer’s contract ensures that key priorities, such as data security, compliance, and bespoke service levels, are thoroughly addressed. Furthermore, certain industries, such as those in the banking industry, are increasingly placing requirements on customers to deal with specific provisions in their agreements with vendors.

Example: A customer’s contract may include a detailed data security clause requiring the vendor to implement specific security measures, conduct regular security audits, and promptly notify the customer of any data breaches. This ensures the customer’s data is protected to their standards, rather than relying on the vendor’s potentially less stringent measures which may not be sufficient in terms of applicable privacy and cybersecurity laws, and the customer’s approach to data security.

2. Negotiation Leverage

Despite the increasing insistence on vendor terms, customers should recognise their inherent negotiation leverage. The procurement of IT services often involves substantial financial commitments and strategic importance, giving customers the power to negotiate terms that better protect their interests. If the customer uses its own contract paper, this may position the customer to set the agenda in its negotiations with the vendor.

Example: A customer’s contract might cap the vendor’s liability at a higher amount than the vendor’s standard terms, ensuring adequate compensation in the event of a significant failure. For example, instead of the vendor’s typical exclusion of its liability or limitation of its liability to the contract value, the customer’s clause could limit liability to a multiple of the contract value or the total fees paid over a specific period aligned to its risk exposure taking into account likely damage that can be suffered in the event of a data breach fine or lawsuit, third party claim for IP infringement, etc.

3. Risk Management

A customer’s contract is a critical tool for risk management. Standard vendor terms are typically designed to minimise the vendor’s liability and maximise their control. In contrast, a well-drafted customer contract can distribute risk more equitably, ensuring that the vendor bears appropriate responsibility for performance failures, data breaches, and other critical issues.

Example: A customer’s contract may include robust indemnification clauses requiring the vendor to indemnify the customer for third-party claims arising from the vendor’s breach of the contract, intellectual property infringement, or data breaches. This protects the customer from bearing the costs of the vendor’s mistakes.

4. Flexibility and Customisation

Vendor standard terms are, by definition, standardised. They may lack the flexibility to accommodate the unique operational, legal, and regulatory environments of different customers. A customer’s contract paper allows for the necessary customisation to ensure compliance with industry-specific regulations and alignment with internal governance frameworks.

Example: A customer’s contract can specify customised service levels that reflect the customer’s operational needs, with associated remedies for non-compliance. For instance, the contract might include detailed uptime requirements for critical systems, with penalties or service credits if these levels are not met.

5. Long-Term Relationships

Contracts are not just about the immediate transaction; they lay the groundwork for long-term relationships. A customer-centric contract fosters collaboration and mutual understanding, setting the stage for a relationship that can adapt and evolve over time. This is particularly important in IT services, where ongoing support, updates, and upgrades are critical to success.

Example: A customer’s contract might include a continuous improvement clause, requiring the vendor to periodically review and improve the services provided, incorporating modern technologies and best practices. This ensures the relationship remains dynamic and beneficial over the long term.

Challenges with tech giants and cloud vendors

While the benefits of using customer contract papers are clear, there are situations where negotiating on your own terms may not be possible, particularly with a few tech giants that have become common household names. These companies often have standard terms and conditions that are non-negotiable due to their market dominance and service model. Furthermore, the evolution of cloud computing has necessitated that cloud vendors, especially vendors of public cloud computing services, standardise their offering and this makes negotiating bespoke agreements sometimes impossible (for example, Gmail terms and conditions), and other times, incredibly difficult given the one-to-many offering inherent in public cloud services.

In such cases, customers have a few options:

• Option 1: If negotiating off of your paper is not possible, you may still be able to use your leverage to negotiate the vendor’s terms to align with your risk appetite. In doing so, your approach should focus on negotiating service level agreements (“SLAs”) and specific addendums that address critical concerns such as data security, privacy compliance, regulatory compliance (for example, if you are a regulated entity subject to various regulations and laws affecting your contracts, e.g. banks and insurers) and exit strategies.
• Option 2: If the vendor is adamant that their terms are “take it or leave it”, then you should do a “red-flag review” of the vendor’s terms. This will ensure that the material risks are clearly understood and accepted by your stakeholders. This type of review also assists with assessing whether the business opportunity is worth the risk.

Regardless of the chosen option, IT governance remains a board responsibility and boards cannot simply allow staff to sign up to terms and conditions without implementing risk mitigation and remediation plans and proper risk underwriting.

Practical tips

Given the clear benefits, how can you ensure your contract paper remains relevant and influential in vendor engagement?

1. Early engagement: Engage the vendor early in the procurement process, expressing a clear preference for using your contract paper. This sets the expectation and allows ample time for negotiation.
2. Focus on key clauses: Identify non-negotiable clauses that are critical to your business. Be prepared to compromise on less critical terms to secure these key protections, which assessment may depend on your relative negotiation power and what leverage you have in the relationship.
3. Avoid frustration: Where a vendor provides a public cloud service and the customer is one of the millions of the vendor’s customers, attempting to negotiate an agreement will prove to be an incredibly frustrating, if not impossible exercise.
4. Know your vendor: Each vendor is different; vendors have different risk appetites, sales pressures, and other drivers that determine their approach to contracting, and having a good understanding of your vendor would also serve you well in determining the best contracting approach.
5. Set your own level of risk tolerance: Each customer is different, and each customer has a different appetite for risk. (And even within an organisation, there may be varying risk appetites depending on the type of service being procured versus the business utility of such service.) Setting your own internal risk tolerance levels in the form of your own templates, playbooks, and minimum risk acceptance would also help determine the correct contracting approach and even whether to engage with a vendor or not. A cloud risk matrix is a good example of a useful tool that our team has created to assist clients, as with bespoke playbooks and templates.

While the rise of vendor standard terms is a notable trend, the relevance and importance of the customer’s contract paper and risk mitigation mechanisms cannot be overstated. These remain vital instruments for ensuring that IT service procurements are aligned with the customer’s specific needs, risk profile, and long-term objectives. By strategically asserting the use of your own contract paper, customers can achieve more balanced, flexible, and protective agreements, enhancing the value and success of their IT initiatives. And so, as the saying goes: The customer is always right!

Author: Ridwaan Boda