More and more, nonprofits are relying on third-party vendors that offer technology solutions which provide a range of services and operational support, such as donor outreach and management web platforms, payment processing solutions, and data storage. Having reviewed and negotiated my fair share of technology agreements, I am often perturbed and frustrated by how ridiculously one-sided they are in favor of the vendor. If these agreements are not effectively negotiated, nonprofits are at risk of having little recourse or means of redress should something go awry.
It is impossible to provide an exhaustive list of issues to be considered in negotiating an agreement, for each must be tailored to the specific technology and vendor involved. Nevertheless, I recommend that the following five points should always be addressed before signing any technology agreement.
- Adjust the Limitation of Liability Cap
Vendors routinely attempt to limit any claims for losses or damages that you might incur. Typically, they try to limit your recovery to 6 months of fees paid, or even less. I suggest that the “cap” be set at some multiple of the contract value, and not be tied to monies paid to date. This avoids having limited recompense for claims that occur early on.
- Draft Exclusions to the Limitation of Liability Cap
Related to the first provision, most types of damages are “capped” at some pre-agreed dollar amount. However, certain damages, because they pose a greater risk to your organization and its reputation, should be excluded. As an example, damages that result from a data breach, indemnified claims and breaches of your confidential information should never be capped.
- Request Transition Services
Not all vendor relationships last forever. And when it’s time to change a vendor, in some cases transition can be a lengthy and arduous process. When a vendor is reluctant to assist with the facilitation of the transition, the client gets stuck with the logjam. To mitigate, I always insist on including a provision requiring the vendor to provide ongoing services and specific transition support at their then standard rates for a certain period of time
- Insist on Representations and Warranties
During the sales pitch, clients are presented with polished and detailed marketing materials that exhaustively detail the various aspects of the vendor’s product, and are promised all sorts of things. If responding to an RFP, the vendor meticulously details the features and functionality of the system. It’s odd that when you finally get the agreement, it’s scant on the details of what is to be provided. To make matters worse, many vendor agreements actually disclaim or exclude statements or information that may have been made during the upsell.
For this reason, I suggest the client attach all marketing materials, RFP responses or other descriptions to the Agreement, and have the vendor attest to their accuracy and truthfulness. It insures that the vendor will put their money where their mouth is!
- Require Breach Notification and Credit Monitoring Expenses
Breaches happen. Although unfortunate, the truth is that no system or platform is “breach proof.” Even if your vendors maintain all the various physical, logical and administrative security precautions that have been reasonably requested, breaches can occur.
If a breach occurs and notification is required, your vendor is only obligated to notify you, not your end-user donors. This being the case, I strongly recommend that you require all vendors that have access to personally identifiable information on your behalf to agree to pay for all statutory required expenses related to breach notification and to provide credit monitoring services
Please keep in mind that the above list is intended to provide a general discussion, and is by no means an exhaustive list. As I consistently admonish my clients, “don’t try this at home.” Be sure to work with your legal counsel to appropriately tailor each agreement to your organization’s needs