How do you draft a good Master Technology Service Agreement? What do you consider? What is reasonable? What is foreseeable? What is too remote? How do you respond to an Evidence Preservation Letter? What is your clients’ doom and gloom fears? These are all things that all technology and information technology consultants and teams have to consider and make good decisions on. Without having a good team of professionals that can identify the areas of risk for the clients, the method and means of exploiting known or identified vulnerabilities, and creating a prompt data security protection protocol you may end up losing out from a change in ISPs or IT vendors.
Having good change management procedures is vital to the success of your clients and to protect them from many would be competitors looking to acquire your clients’ knowledge, trade secrets and intellectual property. A good first step for protecting your clients is using good provisions in your Master Technology Service Agreements that all vendors have to comply with to ensure that the proper procedures are followed to ensure that key personnel, key clients, key vulnerabilities, key consultants and key terms and caveats are negotiated and drafted to protect against reasonably anticipated problems.
The Master TSA allows for a method of interjecting vital controls that can be adapted to the needs of the clients–sometimes all that is needed is a wise and seasoned Chief Technology Officer (“CTO”). Other times–key schedules and predefined procedures to follow for implement changes in information technology services or hardware. Sometimes good limitations on damages, warranties and representations and third party indemnification provisions are required to ensure that your clients are protected from potential errors in the change management procedures.
Finally, having good enforcement and corrective actions predefined and provided for in the Master TSA will save you a lot of headaches down the line–including delays based on the need for board or shareholder’s approval, manager or member’s approval, or similar delays that may be required in following corporate formalities. Sometimes a rigid adherence to corporate formalities can allow a problem to become bigger over time and based on delays–it is generally advisable to deal with these types of data security problems sooner rather than later.