Information Technology Contract Guidelines
Furman University Policy 077.3 requires that all University contracts for information technology hardware, software, or services be approved by the Chief Information Officer. Generally, offices considering information technology hardware, software, or services should consult with Information Technology Services (ITS) before getting to the contract stage. ITS can help you determine whether your requirements can be met by existing ITS services, or whether an outside service would be a better approach. The Systems and Services Contract Review Form should be completed when outside services are needed.
When you do get to the point of needing to contract for information technology, University Policy 370.1 designates ITS as the purchasing agent for technology hardware, software, and services. ITS staff will review such contracts to ensure that they will work with the University technology services, and that the contract terms comply with appropriate University policies and guidelines. The review process pays particular attention to these elements of the contract process:
Additional explanations, and sample terms, are listed below. All items may not be appropriate for all contracts, but are expected for most contracts.
Statement of Work: The contract should include a Statement of Work. This Statement of Work should state everything that we expect the contracted solution to do for Furman. Contracts also typically reference, or include, payment schedules within a Statement of Work. When appropriate, scheduled payment should be after we accept the work as complete.
Bid Process: University policy 370.2 requires that, for contracts valued at more than $5000, we receive three competitive quotes, or provide documentation explaining why it was impossible to get three quotes. For contracts valued at more than $10,000 we need three formal competitive written quotations, and unsuccessful bidders must be notified of Furman's decision.
Budget Office approval: Information Technology Services will check with the budget office to ensure there is adequate funding.
Cap on increases: Service contracts may be renewable. If Furman expects to renew the contract then there needs to be a cap on future price increases. For example, on long term associations with a software vendor where there are annual maintenance fees, the contract needs to include a reasonable cap limiting how much these increases can be.
Privacy and security: Furman is beginning to contract for many services that are hosted off site, and many of these services store data on their systems. University data needs to be protected, and comply with expectations outlined in University policy 071.11. If student data is involved then we need additional assurances that the vendor complies with FERPA regulations. The contract needs to state that the vendors systems are regularly audited by a 3rd party. That the auditors report is available to Furman and that the vendor has responded successfully to anything found in such an audit. Here is an example of such privacy language from a recent contract:
“Vendor and Furman agree that student and prospective student records, information, and data are confidential, regardless of whether they are designated as confidential in writing. Vendor further agrees to abide by all requirements of the Family Education Rights and Privacy Act (“FERPA”) with respect to all such student and prospective student records, information, and data. Vendor agrees to accept all financial responsibility for any data breach of its systems related to Furman data and will notify Furman University of such a breach within 24 hours of discovering said breach. Furthermore, vendor will provide upon request evidence of having had a party security audit conducted by a 3rd party within the past year. Vendor will also provide evidence of having successfully satisfied all findings from said security audit.”
In addition, ITS may ask to see evidence of appropriate backup and recovery processes, as well as provisions for data encryption and other relevant security methods.
Service levels: We require a service level agreement (SLA) for all contracts for services that are hosted offsite. This is to insure that we are not paying for something that is not available. We generally are looking for a 99.9% uptime with some type of refund structure if that level is not met. Here is a pdf example of a representative SLA.
Termination terms: The termination clause of a contract should allow either party to terminate the contract without cause by providing written notice. This type of termination is usually valid within a given number of days of the other party receiving the notice. The termination term must be reasonable and fair to both parties.
Reciprocity of terms: Contracts are typically written by vendors to protect themselves. Consequently, the contract may contain clauses that gives the vendor some benefit. If a clause in a contract gives the vendor a benefit, then we expect the contract to also allow Furman to receive a corresponding benefit.;
Governing Law: All contracts include a clause that says under which state's governing laws apply to the contract. This should always be South Carolina.
If you have questions about a contract for information technology, please contact the IT Service Center.
New Technologies and Services
Cornell University's "Legal and Quasi-Legal Issues in Cloud Computing Contracts"
EDUCAUSE Quarterly article: "If It's In the Cloud Get It On Paper: Cloud Computing Contract Issues"