By Saraann Parker

Law360 (June 12, 2020, 3:47 PM EDT) --

Saraann Parker

Just a few short months ago, COVID-19 forced businesses across the country to shut their office doors with little warning or preparation.

Offices shifted overnight from the normal in-person workday, to the new normal — working from home and connecting through a multitude of technologies. Time was of the essence.

Companies scrambled to purchase new software products and cloud-based subscriptions, increase their current licenses and purchase new equipment, but in the rush to virtually connect their employees and continue servicing their customers, businesses may have overlooked critical risks.

Which technology products were being licensed at the same time by the company's different business units, affiliates and information technology teams? Which employees have the rights to use which software products? What are the company's rights under these new agreements? What are the security risks? What do the contracts actually say?

As companies consider how to implement the next phases of the new normal with both in-person and virtual work environments, this is a good time to assess current and future needs, and contract terms and conditions. Actions taken now can protect a company for years to come.

Internal Technology Assessments

Companies should answer the following questions:

• Which software products were licensed during the past six months in response to COVID-19?

• Which software (server and cloud) products have been licensed across the entire enterprise over the past year?

• What licenses have been purchased but not deployed? Are there additional licenses available?

• Can recently licensed cloud products replace older software products?

• Which employees are using which products? Are there internal authorizations in place?

• Is there overlap among products that have been licensed during the pandemic?

• Are all currently licensed products necessary for the new normal when some employees will return onsite?

• Are security measures implemented to address working from home adequate?

• Are firewalls in place?

• Has new equipment been purchased or leased? Is there overlap? Have current leases expired?

It is advisable for technology legal counsel to work with the company's IT group during the technology assessment to review current software licenses, software as a service agreements, and technology purchases and leases to assess agreement terms against the company's IT findings.

Key issues for contract review include:

Technology Contract Assessments

• Has the company increased its volume and license usage? Is there opportunity to renegotiate volume pricing and offset against additional or new purchases?

• Are there multiple agreements in place with the same vendor? Can agreements be subsumed? Is there an opportunity to negotiate a more favorable master agreement?

• If different offices or business units licensed the same products without consultation, are there inconsistent agreements? Do certain agreements contain more favorable terms?

• If there are overlapping agreements, or the company has entered into multiple vendor agreements for competing products, what are its termination rights?

• If the company has entered into agreements with competing vendors, which products are preferable? Is there leverage to require competition for better agreement terms upon expiration?

• How are support and maintenance delivered? How have the products performed during the crisis? If there have been issues, has the vendor been responsive?

• For cloud products and services, what are the vendor's uptime policies? If the online software is unavailable, does the company receive any remedies? What are its risks?

• What are the vendor's security policies? Have there been issues? Have other companies reported breaches? Has the vendor been responsive? What are the company's rights and obligations in the event of a security breach?

• Do the agreements contain vendor audit rights? If so, are they enterprisewide? How frequently may the vendor conduct audits, and what are the company's potential liabilities?

• Does the company have the right to conduct its own audits of the vendor?

• What warranties and indemnities does the vendor offer? Is liability capped? Is it mutual?

IT and Legal Strategy Sessions

Ideally, a company's IT team and legal counsel will conduct regularly scheduled meetings in which they share their findings and, at the end of their assessments, prepare a joint strategy for addressing the most pressing IT and legal needs.

For example, if the IT team shares with legal counsel that the technology has not been performing as promised by the vendor, that there have been security breaches, or that there has been excessive downtime, legal counsel can focus its agreement reviews on the terms governing warranties, support, maintenance, security and service level agreements.

Together, the teams can determine what issues should be brought to the provider's attention and have the best leverage for seeking remedies, renegotiating the most problematic agreement terms, and perhaps uncovering cost-saving opportunities. The following overlapping IT and legal issues are of particular importance.

License Overlap and Overload

To begin the assessment, the company's IT team should compile a comprehensive list of all software and subscription technology for which the company has active licenses and subscriptions as of the assessment date. The list should include enterprisewide server-based licenses, individual user licenses and software as a service subscriptions.

The IT team should then identify the users — individual employees, contractors, business units, offices, enterprisewide, etc. — how and why the technology is being used, and the volume of use. After applying these factors to long-standing technology and new technology recently licensed in response to COVID-19, the team should identify where there are overlaps, and where there has been a drop in use.

Are certain products still necessary in a post-COVID-19 world? Will the company revert to the way it was using software prior to COVID-19, or will it retain some or all of its new virtual office even after its employees return? If any of the changes will be permanently implemented, company management and the IT team should determine where there are overlapping technologies and how to streamline technology use in the new normal.

It is also common in large corporations for different business groups and locations to purchase licenses to identical software products. To the extent the company as a whole has overlapping licenses or licenses to competing products, now is the time to use that information to its advantage.

Once the company identifies redundancies and/or technology products that are no longer useful, an experienced technology attorney will be able to review the applicable vendor agreements with an eye to assessing key terms that can be used to the company's advantage — termination, warranties, indemnities and limitation of liability, among others.

If different business units, employees or affiliates of one company entered into multiple agreements with the same vendor, were some agreements negotiated, while others were not? If some agreements contain more favorable terms, will the vendor consider applying those terms to all agreements for consistency?

Would the vendor consider subsuming the existing agreements into one master with negotiated terms and/or volume pricing incentives? There are many options to achieving improved results.

Performance, Support and Security

Now that the initial implementation rush has subsided, the IT department should review the frequency of support tickets, new releases and overall performance of all active software products over the past six months — prior to COVID-19, during office closure, and in the first months of reopening.

In addition, the IT department may consider including stakeholders in its overall assessment by surveying users in various groups, locations and levels of seniority for feedback on the performance of both new and existing technology.

For new technology, was it accessible and user friendly, and did it deliver the promised functionality? While errors and downtime are expected in cloud environments, were these situations manageable? Was the company's pre-COVID-19 technology nimble enough to communicate and respond in a virtual environment?

IT teams usually track and handle support tickets, new releases and security incidents. Using data already on hand, the IT department should compare the volume, severity and type of support tickets logged over the course of the past six months to assess variables in performance of its long-term products, and conduct an additional comparison among all products, both old and new.

If new technology products were licensed from competing vendors, the comparison may be particularly insightful. If there were security breaches, how extensive were they, how quickly did the affected vendor respond, and what was done to remedy the breach?

Attorneys who are experienced in negotiating technology agreements will be able to use the IT team's evaluations to identify contractual rights and remedies that may not have been known to or pursued by the company. If the technology failed to function in accordance with documentation, for example, what rights does the company have under warranties, support or breach of contract?

If the vendor's support or uptime guarantees failed to meet contract terms, does the company have rights and remedies beyond termination? If the company chooses to pursue breach, what are its liability limitations? If the IT team identifies competing vendors and/or products, once agreements are reviewed, the company may have leverage to present vendors the options of renegotiation rather than damages.

Audits

Audit provisions are often overlooked, as vendors presumably have the right to ensure that their licensees comply with the terms of the license. Audits are more commonly used by vendors to require companies to provide a large-scale accounting of all of the vendor's software products that have been licensed and used by the licensee throughout its business enterprise.

The most egregious audits could reach back decades to the original license and could encompass affiliated companies that have since been sold or have recently been added. If a company has increased its total users in the haste to connect its employees and offices during the COVID-19 pandemic, it may be unaware that it has exceeded its licenses.

There are also risks of software downloads by individual employees who are unaware of the license restrictions. If multiple products have been added to a company's software portfolio, it will be difficult to track users and applicable agreements.

As the COVID-19 emergency begins to abate, now is an excellent time to have a legal review of the various terms and restrictions applicable to software audits and an IT review of the technology licensed over the past several months on a company-wide basis.

Assess Now; Protect the Future

Companies that conduct IT and legal contract assessments during the new normal phase and over the following months have the advantage of discovering potential IT and contract issues before they cause harm. In addition, vendors may be more amenable to amending their contracts and pricing while they are also readjusting their business models and seeking revenue.

While it may seem that the best course of action during the crisis is reaction, now is the time to be proactive. Assessing current technology and corresponding contracts will allow companies to efficiently use and pay for the technology they have already licensed, to better plan for their future needs, and to adjust the most problematic contract terms to protect the company against future damages and liabilities.

---

Saraann Parker is a partner at Armstrong Teasdale LLP.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

For a reprint of this article, please contact reprints@law360.com.