Articles on IT Acquisition and Doing Better Deals
Tips & Tactics
- Negotiations: Principled Concessions
- Financial Analysis — a Refresher
- Presenting vs. Positioning
- Even Pros Make Mistakes
- The Power of No
- The Dip
- Caveat Venditor
- Champagne and Scarcity
- Urgency—Guard it at All Costs
- They Know That You Know
- Why a Checklist
- Beyone the Handshake
- The Challenge with Buying Technology
- The “Try It, You’ll Like It” Ploy
- The “We Don’t Need To Write That Down, You Can Trust Me” Ploy
- The “Low Ball” and “When I Hit Your Hot Button, I Gotcha” Ploys
- The “Price Protection Contract” Ploy
- The “Form Contract” Ploy
- The “Solutions” Ploy
- The “We Can’t Do It For You Because We Would Be Setting A Precedent” Ploy
- The “Unfortunately, I’ll Have To Get Any Changes Approved By Corporate” Ploy
- The “Price Protection Contract” Ploy
- The “Tie-In” Ploy
- The “Fait Accompli” Ploy
- The “Price Increase is Coming” Ploy
- Table of contents
- “We Don’t Need To Write It Down. You Can Trust Me” And Other Grim Fairytales
- The Negotiations Agenda Part 1
- One Bite at a Time
- The Negotiations Agenda Part 2
- Don’t Let Vendors Hold You Hostage
- The Right Attitude
- Finding Responsibility
- A Fair Audit Clause
- Looking Beyond “Needs”
- Before Saying “I Do,” Think About Divorce
- A ‘Top-Down’ Look In Challenging Times
- Don’t Allow Vendor Disappearing Acts
- Vendor Short-listing: The Long and Short
- If a Vendor Offers the ‘Lunch’ Ploy, Don’t Bite
- Make Sure Consultants Will Keep Your Secrets
- Two Essential Parts for Service Contracts
- Keep Consultants Far From the Enemy
- Be Wary of Annual Revenue Commitment
- Leasing’s Different When It’s Laptops
- Two Truths Behind Securing Better Deals
- Not in the Contract, Not Part of the Deal
- Feeling Safe With IT Security
- Avoid Surprises in Subleasing Deals
- Insist on Language to Cover Billing
- Manage the Contract
- Clear Ordering Procedures
- Winning with Leases
- A Ploy that Didn’t Fly
Feeling Safe With IT Security by Joe Auer
To IT professionals, the word security generally evokes operational-type thoughts. For instance, there’s a need for physical security of the data itself. And there’s software-controlled access to the secure network. Then there’s security to control access to the organization’s order entry and financial systems and to the underlying databases. Now, with the proliferation of Web-based systems, Internet firewall security has become a growing concern. Regardless of the setting, security is a major control issue facing not only today’s IT managers, but everyone else as well.
Although the security function is staffed internally, the tools we use, for the most part, are rarely homegrown. To build the security infrastructure, IT managers go outside to license software, purchase or lease hardware, and contract for consulting services. But there’s always a contract involved – yours or the vendor’s. From a deal management perspective, contracting for security is like any other technology acquisition: You must make sure you get what you pay for.
In the rush to build a security infrastructure, don’t forget about the rights and obligations of the contract. You must take the time to do it right. Don’t get caught with contract “gotchas” that come back to haunt your organization after the deal is done. Contract problems during the relationship take time away from other activities and can cost you significant bottom-line dollars, along with some career embarrassment. And the fixes are seldom easy.
The list of ugly contracting possibilities is much longer than this column. But it’s important to focus on some of the more potentially problematic areas. Think of the following as a checklist to prevent any “gotchas” in security contracting. You can use it to level the negotiating field.
When the contract involves security software, watch for the following things:
- The license should be perpetual, irrevocable and of sufficient scope to cover your entire organization.
- The vendor should guarantee that the software will perform according to the published specifications for at least a year. If it doesn’t, the vendor should fix it at no charge. Or, if it can’t be fixed, the vendor should refund your money and “make you whole” for the expenses you incurred related to its software.
- Maintenance should include enhancements (minor improvements and bug fixes) and upgrades.
- Insist on the right to install and test the software before paying the majority of the money specified in the deal. There’s nothing like testing in your own environment to make sure you’re getting what you think you’re paying for.
When the contract involves consulting services, watch for the following things:
- Make sure the consultant is fully qualified. Check references, and interview staffers assigned to your site.
- Make sure the consultant’s responsibilities and expected results are carefully documented in the contract.
- Make your payments based on the consultant’s achievement of acceptable results, not on the passage of time.
- Provide for frequent project status meetings.
- Make sure you own all of the consultant’s deliverables.
- Make sure there’s a confidentiality agreement in place between you and the consultant.
When the contract involves hardware, watch for the following things:
- Secure the right to test the hardware in your own environment before final payment.
- Check the vendor’s warranty carefully, and understand what’s included (such as parts or labor) and for how long.
- Make sure the configuration ordered is complete. Get the vendor to warrant that it has included all the necessary components. This helps avoid unexpected charges for additional equipment.
- Get a firm delivery date, and hold the vendor accountable with remedies if it fails to deliver on time.
In short, no matter how great your hurry to plug some hole in your security plan, always remember to make sure there’s a well-thought- out contract. These guidelines will get you closer to a safe and “secure” agreement – and closer to getting what you think you’re paying for.
JOE AUER is president of International Computer Negotiations Inc. (www.dobetterdeals.com), a Winter Park, Fla., consultancy that educates users on high-tech procurement. ICN sponsors CAUCUS: The Association of High Tech Acquisition Professionals. Contact him at email@example.com.
Copyright by Computerworld, Inc., 500 Old Connecticut Path, Framingham, MA 01701. Reprinted by permission of Computerworld.