IT projects are known to carry significant risk of delays, cost overruns, and generally unsatisfactory results in any business environment.
The uncertainty created by COVID-19 can cast an even more dubious light on IT projects and contracts that are already in flight, as well as make organizations hesitant to move ahead with planned IT initiatives. However, even under the current circumstances, customer organizations can be prepared to address the resulting risks by understanding and leveraging the following key legal rights and remedies under their IT contracts:
Business Continuity/Disaster Recovery
IT contracts often contain specific obligations of the IT vendor with respect to business continuity, contingency and disaster recovery planning. Specifically, the IT vendor should have a documented contingency plan in place, setting out the emergency back-up procedures which the IT vendor will implement where necessary with a view to preventing any delay, interruption or disruption to the services or any non-availability of the services.
Customers should ensure they are provided with a copy of each IT vendor’s contingency plan to understand what the vendor’s obligations are regarding disaster recovery or business continuity (including, without limitation, the obligation to keep providing services and to maintain the customer’s systems where applicable), as well as what happens if there is an interruption to the customer’s business as a result of the current circumstances.
One of the key tools in managing the risks associated with IT projects, and in particular during the uncertainty surrounding COVID-19, is a strong project governance structure with clear lines of communication and escalation of issues. Strong project governance ensures that the right people in both the customer and IT vendor organizations are aware of progress and problems, and have an established path to elevate problems from the technical team to the executive team quickly.
Project governance is also essential in terms of keeping issues and delays within the scope of the project and outside of the change management process where additional costs are more likely to be incurred. Proper project governance is key, particularly in the current circumstances, as remedies in the contract won’t save a project that is poorly managed. Customers should ensure that the project governance measures in their contracts are well-supported (including ensuring appropriate resources are committed to such processes) in order to maximize their benefit as a risk mitigation tool.
Project and Payment Milestones
One of the most successful tools to manage the risks associated with IT projects is a stepped commitment process, which allows the customer to separate the risks out by phase and to ensure completion and satisfaction before moving to the next phase or providing a full commitment. The stepped commitment process is supported through key project and payment milestones which represent material components of the project which are linked to measures that motivate timely performance, such as fee credits, delayed payment, escalation requirements, mandatory remediation plans and termination. Accordingly, a stepped commitment process can also be invaluable to customer organizations in the circumstances surrounding COVID-19 in terms of the customer opting to delay the next phase or the project or, where the IT vendor’s services have been delayed, to correspondingly delay payments. Customers should ensure that the project and payment milestones in their contracts are well understood and communicated, and are managed accordingly.
Depending on how it is worded, the force majeure clause may actually provide considerable protection for the customer (as well as the IT vendor) in the event of delays in performance caused by COVID-19. In particular, the force majeure provision may provide key rights for the customer in terms of obligating the IT vendor to continue providing non-impacted services, obligating the IT vendor to work toward a timely solution, as well as giving the customer the right to terminate for cause in the event of an ongoing or unremedied force majeure circumstance.
It will be important for customer organizations to ensure that they understand and follow the applicable processes set out in their contracts in relation to force majeure in order to maximize the benefit of the provision.
We have significant experience negotiating, supporting, and providing project rescue services in relation to all types of IT projects and contracts. We can review and provide practical advice on how to deal with disputes or issues with IT vendors. Please contact any member of our Science & Technology Team to discuss any specific questions or concerns you may have.
For more information addressing privacy and technology concerns for organizations read our COVID-19: Five Considerations for Organizations to Manage Privacy, Security and IT Issues blog.