Most Read Contributor in South Africa, September 2016
When it comes to IT contracting, the big themes are change and
modernisation. As we witness the increasing investment into
IT-business projects intended to bring about change in
organisations such as cloud computing and Software as a Service
(SAAS), customers are embracing standardisation as the industry
becomes more and more comfortable working with the cloud. Even in
bespoke outsourcing arrangements, there may well be more similarity
than difference, and smaller deals among multiple providers are
becoming the established model for IT sourcing. Outsourcers per
customer are multiplying, as is the number of service providers
each company uses. This is driven by the increased use of cloud in
general and SAAS in particular.
There is an increased emphasis on IT security/cybersecurity and
the management of personal data, and in the absence of absolute
technical standards, agreements generally require the parties to
have appropriate technical and organisational measures in place to
safeguard against unauthorised or unlawful processing of personal
data and also against accidental loss or destruction of, or damage
to, personal data. In practice, this means that an organisation
should have appropriate security to prevent the personal data held
by it from being accidentally or deliberately compromised. This
translates to the following contractual obligations for
- The design and organisation of security should fit the nature of
  the personal data held and the harm that may result from a
  security breach;
- There should be clarity on who in the organisation is responsible
  for ensuring information security (achieved through an
  information security policy);
- The right physical and technical security measures need to be in
  place, backed up by solid policies and procedures and reliable,
  well-trained staff; and finally
- The organisation and vendor need to be ready to respond to any
  breach of security swiftly and

In anticipation of the POPI Act, organisations will be required
to have a model data processor contract or model clauses for
contracts with suppliers who will be acting as data processors.
These contracts should also provide for the transfer of personal
data cross-border and, as such, organisations will have to revisit
their data protection policies, or put one in place.
In the dynamic era of technology, traditional IT procurement
processes (such as RFP processes) are becoming less popular due to
their expensive and time-consuming nature - by the time
proposals come in, the business requirements have often
In addition, supplier risk needs to be integrated into a
company's daily operations, moving from quarterly meeting risk
discussions to making key business decisions based on risk on a
real-time basis. This is also illustrated by the move from the
waterfall model of development to the Agile model. Most software
development contracts were designed for use with the waterfall
model, and can be difficult to reconcile with the principles that
underlie Agile. Under the waterfall model, the project is divided
into a sequence of distinct phases, starting with a detailed
planning phase where the project requirements are analysed and
documented. Once the requirements have been fully specified, the
project continues through the design, coding, testing and
integration phases, followed by the deployment of the final
product. Advantages of this model are that it provides a clear and
structured way to approach development projects, that requirements
and design are formalised at the outset, and that clear milestones
are identified to track progress. However, problems with the model
include the intangible nature of software, which makes it difficult
to define the requirements in a clear and unambiguous way at the
outset, and it does not adapt well to change, which is essential
considering that the customer's requirements are likely to
change over time. By contrast, the Agile model is iterative in
nature, i.e. development is carried out in short, frequent cycles
where working software is delivered at the end of each cycle.
Thus, organisations need to carefully consider the ever-changing
nature of information technology when establishing contractual
terms with their IT suppliers.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.