Information Technology Agreement

Information technology ("IT") agreements are contracts related to information technology assets, including software services, subscription and hosting agreements. There are practical legal implications if the agreements are not properly drafted. We aim to provide guidance on key elements on the negotiations and entering into information technology contracts.


There are numerous types of IT transactions, as well as the agreements / products involved in information technology transactions. The continuous development of e-commerce, technological innovation, and the ongoing need for companies to update, maintain or update existing technology solutions and also the underlying agreements.


Software and IT contracts


Most IT suppliers and service providers would provide their customers with their standard contracts or terms and conditions. Some suppliers provide standard specifications and there is no room for negotiation. However, they are not set in stone and should be open for negotiation by the customers, in particular the accuracy of the IT product or service specifications.


1. IT Product or Service Specifications


This is often the most important and least legalistic part of the agreement, yet most people do not read it. Please ensure that the specifications include the technology and services you want, specify what the services would do or function of the technology. The language should be clear and unambiguous. This will also have an effect on the warranty as well, because the warranty promises that the technology will work, if the scope of coverage is unclear, then the warranty becomes meaningless. The same goes for maintenance and acceptance clauses, which indicate that the vendor will repair software or deliverables that are not working. 


For customised solutions, the agreement should specify the customised features and functions. If it is an off-the-shelf product, then check if the supplier's standard specifications can meet the customer's requirements. If certain product or service features have not been included, add and describe them clearly. If your description requires technical details, one may need to get an IT expert to help. 


2. Data Security


Most non-disclosure agreements (NDAs) or confidentiality clauses are to protect trade secrets, business plans, customer lists, source code, but not data held or accessed by the IT service provider, nor private or personal data. They are insufficient for IT service agreements.


Additional data security provisions or clauses are required to cover the process of protecting data: encryption, passwords, dual control restrictions, physical protection of the server, etc. Many data clauses also require employee background checks, data breach responses and notifications, and perhaps most importantly, external audits of data security. In addition, the data clause should address compliance with legal and privacy policies, as well as e-discovery policies that cover when and how a supplier provides data to another party in a lawsuit.


3. Maintenance and Support


Maintenance and support are very expensive and should only charge or pay for after the service or the expiration of the warranty.


In relation to software, there should be no need for maintenance until customisation / implementation. If updates or upgrades are available, the vendor's team can install them as part of the customisation.


4. Intellectual Property


Intellectual property (IP) rights often go hand in hand with IT agreements. In many IT agreements, suppliers or service providers would compensate its customers for any IP claims related to supplier's technology. If the customer is sued by a third party for IP infringement from the use of the supplier's technology, the supplier will indemnify the customer for any legal costs to defend a patent, copyright, or trade secret, as well as any settlement or judgment. However, one should look out for any exemptions or exceptions to these types of indemnities. 


For example, a typical exception is that the supplier does not need to compensate for a lawsuit when the supplier's technology is used with other hardware or software not provided by the supplier. As most hardware or software can only be used when combined with a third-party product: computer, operating system (OS), office system, other applications, etc. If the customer uses vendor technology to operate the system, such as an operating system or browser, then arguably the customer may not be able to claim compensation under the indemnity. Another common exception is that the supplier is not responsible for claims arising from suppliers' modifications of the technology in accordance with the customer's specifications. Most customers would try and give instructions when customising a technology for their use, and this again would neutralise the effect of the indemnity.


For other IP licenses and IP agreements, please refer to the category on IP documents.