The world of IT (Information Technology) law (or Cyberlaw) can be a complex one, especially if you don’t have the right agreements in place. But it’s important to understand how it all works as it’s an essential part of any business.
It’s common business practice to have an arrangement with IT professionals who can help you out. It’s a great way to ensure that your goals are met (depending on your business) and to optimise your cyber security in an age where it is well needed.
When you’re dealing with volumes of personal information and access to a business’ trade secrets, confidentiality also becomes critical. If you’re thinking of engaging an IT service provider, think about the following:
- Do I want IT support in-house, or should I hire someone outside my business?
- Should I employ IT professionals on a project basis, or have them on board for a longer period of time?
- What kind of clauses do I need to ensure they don’t run away with my valuable trade secrets?
- Do they need to be trained before dealing with our internal systems?
- What happens if there is a cyber attack? Whose fault is it?
All of these things are worth thinking about before you finalise any agreements with IT service providers. But the best way to understand how IT can fit in your business plan is to look at an IT Service Agreement and an IT Support Agreement.
IT Service Agreement
An IT Service Agreement is a contract between two parties, where one party (service provider) agrees to provide professional IT services to the buyer. This includes a range of services, from a brief consultation about your options, to building an app or working on your cyber security system.
If you wish to engage a professional IT service provider (whether this be an individual or a business), you need an appropriate IT Service Agreement. This will set out the relationship between you and the provider and clarifies what needs to be done. There are also different approaches to this, so this should be clear from the outset to avoid any confusion.
Let’s go through the key clauses.
The first and most important thing you need to discuss with the provider is what services they are expected to provide. This also includes answering the following questions:
- What is the nature of services to be provided?
- How will you be doing this?
- How long will it take?
- What materials do you need?
- How much data do you require (so access can be granted accordingly)?
The agreement should also clarify how you will be paying the provider. For example, will you be sending an invoice for each project? Or will you be charging them a monthly fee for your long-term arrangement with them? Do you offer instalments?
There are various ways you could organise payment with your client, and this all comes down to the way your business runs things. If you have inconsistent, short-term projects, then invoicing on a contract basis may be the best payment structure for you. If you need them to provide services over a long period of time, and the work required is recurring, then monthly payments may be more suitable.
It’s good business practice to share the reason that you chose a particular payment structure. This kind of transparency builds trust in your relationship, and helps the provider feel more confident that you are charging them reasonably and fairly. It’s also a good step to a long-term business relationship.
Intellectual Property (IP)
When you’re dealing with sensitive information in an online environment, it’s always important to consider how IP comes into play. It is likely that the provider will be creating something for you (whether it be a new software or application), and when this is completed to a sufficient standard, you want that property to belong to you. This way, you can actually distribute it as your own with limited restrictions.
In your contract, you need to clarify that all ownership will belong to you once the project or service is complete. If it is incomplete, the IT service providers may retain ownership – this should be included in your agreement.
Each party also has certain duties to ensure that the project is completed to the expected standard. For example, you may need to provide access to certain data so that a system can be built successfully.
As we mentioned before, things can get quite complex when you’re dealing with sensitive information online. Since IT service providers deal quite closely with personal information or inside business information, it’s important that there is some enforceable clause in the contract that prevents them from taking advantage of this information.
In other words, you need to make sure your contract prevents unauthorised access or use of sensitive information or trade secrets, as this can easily be used against you in a competitive market.
If you’re engaging in-house IT professionals, you may want to consider a Non-Compete Clause. This prevents employees from engaging in similar services or working for a competitor – this can damage your business’ performance because of how much they know about your business’ internal systems.
If you’re engaging external IT professionals, then extra precautions need to be taken. This is because they are not internal members, so their access to your inside information carries a higher risk – we’ll cover this in more detail later.
Most businesses need to understand confidentiality well due to online threats and security risks (we’ve written more about confidentiality here).
Like any other contract, your agreement should provide a procedure or rules around how the relationship can be terminated. For example, if you’re in a short-term agreement, your contract might set out that the relationship terminates as soon as the project is complete and you are satisfied with the results.
Otherwise, termination clauses also deal with the not-so-pleasant circumstances which may give rise to the end of a business relationship. For example, if the IT service provider refuses to pay, this could terminate your agreement.
Since it is in writing, it will be enforceable. This means that in case something does get messy later down the track, the contract will tell the parties how they can deal with it (for example, ADR).
What Is A Custom Software Development Agreement?
A Custom Software Development Agreement is similar to any other service agreement, but there are more specific factors to consider. For example, there are specific types of contracts you can enter into.
Time and materials
This type of contract means that you agree to pay for the time spent on the project you’ve set. So, payment depends on how many hours they’ve invested into the project.
This might be a bit contentious as you’d need to unexpectedly pay more if they need more time to complete the work. The good news, however, is that it is more likely to produce high-quality results.
Another option is to have a fixed fee from the outset. This means that even if there are changes to the requirements for the project, or to the nature of the service provided, this will not change how much you pay them.
This type of structure would be more appropriate for smaller or shorter projects, as they generally do not require lengthy planning about what results you want. So, you wouldn’t be at a big loss if the results were not proportionate to what you paid for.
The last option is to have a fixed fee (like the one we just discussed), but reward the provider with extra fees if they complete the project earlier than expected. This might be a great option for high priority projects as it is an incentive to complete the project quickly.
However, this might come at the cost of quality, so you need to think carefully about which option would be best for you depending on the nature of your work.
What Should The Agreement Cover?
A custom software development agreement should have very similar clauses to a regular service agreement, however consider the following:
- Time and cost – these particular agreements need to have detail around the hourly rates, milestones and deadlines for the required project. This is because payment may depend on these milestones and deadlines, and the hourly rates may change depending on what structure you’ve agreed to.
- Acceptance criteria – after the project is complete, you’d need to perform ‘acceptance testing’. This basically means you’d need to check whether the project has produced the result you expected, and to the standard you wanted. The criteria for the finished product should be clear in the agreement, so the provider knows what to do and can plan accordingly.
- Warranties – if there is a malfunction or some other technical error, the service provider is under an obligation to fix or replace it. Once again, this should also be in your contract.
IT Support Agreement
We’ve gone through an IT Services Agreement, but how is this different to an IT Support Agreement?
IT Support relates more to assistance with tech-related issues. For example, if your software crashes, IT support comes to the rescue. This might be from in-house IT professionals or external IT companies, depending on your business’ needs.
This is where an agreement comes in handy. It will ensure that both parties can protect their interests and have it all in writing. If anything goes wrong, it can be enforced.
This is particularly helpful where you’re employing IT support from external providers, so you can set some ground rules, such as how confidentiality can be maintained. Since they’re not internal members, you need to consider additional factors, such as how much access they can have to inside information, how they will be trained to comply with your internal policies and procedures and what kind of approval they need before making any permanent changes.
The features of the contract are roughly the same as that of service agreements, except IT Support may be more regular and consistent than service providers. This is because you may need IT Services for a one-off project (e.g. you want to build an app), however you may need IT Support more frequently (for example, if you want to regularly update your cyber security system and passwords). As such, you want to make sure your agreement accommodates these small differences.
So, if your IT Support team is more regularly required, you may want to consider a fixed fee payment structure.
Like we mentioned before, confidentiality is important in any IT law context. IT Support generally involves engaging external parties, so a Non-Disclosure Clause may be sufficient. This ensures that they do not disclose any information that they learned or had access to in the course of their business relationship with you.
IT Law is something that every business should think about closely before they make important business decisions. With lots of business conducting activities online, it’s essential that the agreements in place cover every aspect of the relationship to mitigate these risks.
You can reach out to us at firstname.lastname@example.org or contact us on 1800 730 617 for an obligation-free chat.
Need legal help?
Get a free, fixed-fee quote.
We'll get back to you within 1 business day.