CIOs: managing risk management?

OPINION: Enterprises may be aware of the legal changes which have modified torts law and imposed caps on payouts for seemingly outrageous claims against doctors and other professionals. But do IT pros realise that they too could be in the firing line?

There are a number of reasons why IT professionals could find themselves in the firing line, including: the greater dependency on IT for critical business functions; the continuing trend to outsource IT; the rise of a more litigious business community; the increase in global IT solutions and the resultant exposure to potential liabilities in multiple jurisdictions; and the increased use of complex networks and the Internet, which introduce new security and vulnerability issues.

However, CIOs and IT managers should be aware that there are steps they can take to reduce their risks. The checklist includes:

  • Check your contracts: First and foremost, have a lawyer check all of your contracts.

  • Specifications: Make sure these (and the business case which precedes them) are spot on--the more work done here the better. The performance expectations, in particular, should be very carefully explained in the specification and the contract drawn to reflect this.

  • Use standard contracts: Use well-tried "boilerplate" clauses--don't try to improve on these unless you have your lawyer's sign-off.

  • Limit your liability: Use the limitations available under section 68A of the Trade Practices Act to limit your exposure to the cost of the contract or service provided by you. Exclude all consequential and punitive damages wherever possible.

  • Disclaim liability: Use appropriate warranty disclaimers, making sure they comply with relevant legal restrictions.

  • Warranties: Don't give general warranties. Warrant only what you know you really can warrant--don't use warranties as a sales tool.

  • Indemnities: Word these very carefully and make sure each party knows what their exposure is.

  • Change Control: Ensure appropriate amendment procedures are in place and document all changes, even the most minor.

  • Alternative dispute resolution: Try to include arbitration or even mediation as a means to resolve disputes before you go to court.

  • Force Majeure: The IT industry is almost a "natural" for catastrophes, particularly in the on-line area.

  • Severability: Ensure that you have an appropriate severability clause--one unenforceable clause should not bring the whole contract down.

  • Insurance: Obtain appropriate professional indemnity insurance.

In my next column I'll touch on what IT managers should think about in the areas of quality control, operational controls and dispute resolution to minimise their own and their firm's risk exposure.

Andrew Fish is a special counsel at law firm Herbert Geer & Rundle. He can be contacted at afish@hgr.com.au
