Sourcing Procurement
Vendor Management
IT Professionals

Articles

Feeling Safe With IT Security

To IT professionals, the word security generally evokes operational-type thoughts. For instance, there’s a need for physical security of the data itself. And there’s software-controlled access to the secure network. Then there’s security to control access to the organization’s order entry and financial systems and to the underlying databases. Now, with the proliferation of Web-based systems, Internet firewall security has become a growing concern. Regardless of the setting, security is a major control issue facing not only today’s IT managers, but everyone else as well.

Although the security function is staffed internally, the tools we use, for the most part, are rarely homegrown. To build the security infrastructure, IT managers go outside to license software, purchase or lease hardware, and contract for consulting services. But there’s always a contract involved – yours or the vendor’s. From a deal management perspective, contracting for security is like any other technology acquisition: You must make sure you get what you pay for.

In the rush to build a security infrastructure, don’t forget about the rights and obligations of the contract. You must take the time to do it right. Don’t get caught with contract “gotchas” that come back to haunt your organization after the deal is done. Contract problems during the relationship take time away from other activities and can cost you significant bottom-line dollars, along with some career embarrassment. And the fixes are seldom easy.

The list of ugly contracting possibilities is much longer than this column. But it’s important to focus on some of the more potentially problematic areas. Think of the following as a checklist to prevent any “gotchas” in security contracting. You can use it to level the negotiating field.

Software

When the contract involves security software, watch for the following things:

  • The license should be perpetual, irrevocable and of sufficient scope to cover your entire organization.
  • The vendor should guarantee that the software will perform according to the published specifications for at least a year. If it doesn’t, the vendor should fix it at no charge. Or, if it can’t be fixed, the vendor should refund your money and “make you whole” for the expenses you incurred related to its software.
  • Maintenance should include enhancements (minor improvements and bug fixes) and upgrades.
  • Insist on the right to install and test the software before paying the majority of the money specified in the deal. There’s nothing like testing in your own environment to make sure you’re getting what you think you’re paying for.

 

Consulting

When the contract involves consulting services, watch for the following things:

  • Make sure the consultant is fully qualified. Check references, and interview staffers assigned to your site.
  • Make sure the consultant’s responsibilities and expected results are carefully documented in the contract.
  • Make your payments based on the consultant’s achievement of acceptable results, not on the passage of time.
  • Provide for frequent project status meetings.
  • Make sure you own all of the consultant’s deliverables.
  • Make sure there’s a confidentiality agreement in place between you and the consultant.

 

Hardware

When the contract involves hardware, watch for the following things:

  • Secure the right to test the hardware in your own environment before final payment.
  • Check the vendor’s warranty carefully, and understand what’s included (such as parts or labor) and for how long.
  • Make sure the configuration ordered is complete. Get the vendor to warrant that it has included all the necessary components. This helps avoid unexpected charges for additional equipment.
  • Get a firm delivery date, and hold the vendor accountable with remedies if it fails to deliver on time.

 
In short, no matter how great your hurry to plug some hole in your security plan, always remember to make sure there’s a well-thought- out contract. These guidelines will get you closer to a safe and “secure” agreement – and closer to getting what you think you’re paying for.

JOE AUER is president of International Computer Negotiations Inc. (www.dobetterdeals.com), a Winter Park, Fla., consultancy that educates users on high-tech procurement. ICN sponsors CAUCUS: The Association of High Tech Acquisition Professionals. Contact him at joea@dobetterdeals.com.

Copyright by Computerworld, Inc., 500 Old Connecticut Path, Framingham, MA 01701. Reprinted by permission of Computerworld.

Write Us

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam sodales fermentum gravida. Vivamus elementum massa neque, sed fringilla mi malesuada aliquet. 

ICN has been in the business of helping technology users do better and safer deals with vendors for more than forty two years.
  • 407-740-0700
  • 407.740.0368
  • info@dobetterdeals.com
  • 822 Clay St,
    Winter Park, FL 32789
  • Drawer 2970,
    Winter Park, FL 32790-2970

About ICN

  • Differentiators
  • People
  • Diverse Experience
  • Press Kit

Consulting

  • Cloud Contract and Negotiation Services
  • IT Procurement Negotiations
  • Vendor Management Program Assistance
  • RFP Leadership and Advisory
  • SLA Best Practices
  • Mergers, Reorganizations, and Divestiture Assistance

Our Courses

  • Best Practices in Vendor Management
  • Cloud Contracting
  • Cloud Contracting for Government
  • Do Better Deals Workshop
  • IT Contracting Boot Camp
  • IT Contracting Boot Camp (Online)
  • IT Procurement Academy
  • Legacy Software Maintenance
  • Negotiating Requirements

 

  • NEGOTIATIONS Power - Process - Principles
  • RFP Lab: Forms - Training - Templates
  • SLA Lab
  • Statements of Work Done Right
  • Software Workshop
  • Sourcing the Cloud
  • Taming the Maintenance Monster
  • Total Vendor Management

Training

  • On-Site Seminars
  • Public Seminars

Articles

Events

Contact Us