The IT Procurement Legal Cheat Sheet for Nonprofits

When procuring technology solutions for your nonprofit organization, preparation is key. IT products and services can vary widely, and there is no such thing as a true "standard" contract for the IT industry. Vendors will typically present form contracts at the beginning of negotiations, which often include terms that heavily favor the vendor. These forms can be used as a starting point, but changes should be negotiated. The following "cheat sheet" includes relevant terms to consider when procuring an IT solution. While this cheat sheet is not exhaustive, it provides a broad overview of terms and related issues for your nonprofit to consider.

For further information regarding these issues, watch our October 2017 video webinar, "The Top Ten Tips for Nonprofits to Consider When They Procure Technology Solutions."

1. Term and Termination:

  • What is the duration of the agreement? Service duration?
  • Does the vendor provide post-termination transition assistance?
  • Are data, material(s), and confidential information returned?
  • Renewal options? Is renewal automatic?

2. Service Description:

  • What services are being provided?
  • Where will the service description be included?
  • What are the acceptance criteria?
  • What schedules, milestones, and timetables are in place?

3. Proprietary Rights:

  • License to software, a license to access, or an assignment?
  • Who owns the deliverables? Are there underlying licenses to components of the deliverables?
  • Permitted use of your trademarks for marketing? Is consent required?
  • Do the services or deliverables require licenses to third-party materials?

4. Service Levels, Business Continuity, and Disaster Recovery:

  • If the services involve access to externally hosted material(s), what service levels does the vendor guarantee?
  • How are service levels/availability measured, monitored, and reported?
  • What remedies or refunds are available?
  • Is there a disaster recovery plan in place?

5. Staffing and Subcontracting:

  • Is there a designated project manager or business contact?
  • Right to control staff continuity or request removal of personnel?
  • Non-compete or non-solicitation provisions?
  • Use of subcontractors permitted? Are there any conditions/restrictions? Does the vendor take full responsibility for subcontractors?

6. Confidentiality:

  • How is confidential information defined?
  • What is the license to use confidential information?
  • What are the exceptions or permitted disclosures?
  • How will confidential information be returned upon termination?
  • Does the confidentiality provision survive termination?

7. Data and Data Security:

  • Where is data stored? Are there multiple storage locations?
  • Who owns the data? How is it licensed?
  • What are the vendor's security procedures, and how are they tested and updated?
  • What rights exist after termination? Will there be any hosting or processing by subcontractors?

8. Privacy and Data Breach:

  • Does the contract obligate the vendor to comply with data/privacy laws, rules, and regulations?
  • Is there any personally identifiable information involved?
  • What reporting obligations and remedies are in place in the event of a security breach?

9. Insurance:

  • What categories of insurance are provided? What are the policy limits?
  • Is e-commerce/cyber liability insurance provided?
  • How and when will insurance documentation be provided?
  • Is the vendor willing to name the customer as an additional insured?

10. Dispute Resolution:

  • Is there an informal dispute resolution process? What is the schedule for and what personnel are involved in such a process?
  • Is there a right to withhold disputed fees?
  • Will a dispute result in arbitration? If so, what are the rules?
  • Are there any class action or jury trial waivers?

11. Remedies and Limitation of Liability:

  • Are there any liquidated damages or penalty interest payments?
  • Is injunctive relief available for confidentiality or IP rights violation?
  • Is there a limit or cap on direct damages? Does it include confidentiality, data security, and/or IP infringement?
  • Is there an exclusion for special damages? What are the exceptions?

12. Indemnification:

  • Is there indemnification for material breach, negligence, and/or violation of law?
  • Is there indemnification for IP infringement?
  • What is the indemnification procedure?
  • Are there any liability or insurance limitations elsewhere in the contract that might limit indemnification?

13. Representations and Warranties:

  • Are there service, software, or security warranties? Is there a time limit?
  • Is there a warranty for non-infringement of IP and proprietary rights?
  • Are there any disclaimers?
  • What remedies are available for a breach? Are they exclusive?

14. Audit Rights:

  • What aspects of the services or payments can be audited?
  • Can the audits be conducted by a third party?
  • What is the record retention policy?
  • What are the remedies in the event of a discrepancy?

15. What Legal Boilerplate to Include:

  • Notices
  • Assignments
  • Counterparts
  • Relationship of the parties
  • Severability
  • Waivers
  • Entire Agreement
  • Survival
  • Governing law / venue
  • Headings