Vendor Statements of Work: Your Role as an IT Professional Theresa Rowe | June 2011 5 IDEAS • • • • • Sourcing Statement of Work Professional Services Agreements Management Control 2 THE WORLD OF MULTI-SOURCING • One way to get the work done is out-source with a Statement of Work (SOW). • Outsourced work is really a mix of in-source and outsource resources. 3 STATEMENTS OF WORK • Vendors will provide service, either short- or long-term, for your college or university, based on statement of work agreements. 4 YOUR ROLE AS THE “IT PRO” • What is the role of the college or university employee in managing the statement of work and making sure that the vendor delivers as promised? 5 STATEMENT OF WORK DEFINED • Formal document. • Describes work activities, deliverables and timeline. • Describes vendor action steps and university responsibilities. • Detailed requirements and pricing. 6 TYPES OF SOWS • • • • • • • • Staff augmentation Installation – hardware or software System implementation Design Development Outsourcing Audit and review Training 7 THE BASICS – VENDOR SIDE • What will the vendor do? • How will the vendor do it? 8 THE BASICS – UNIVERSITY SIDE • What does the university provide? • How much will it cost? • How long will it take? 9 THE LEGAL SIDE • Generally court decisions support vendor responsibility limited to items expressly identified in the SOW. 10 AREAS TYPICALLY ADDRESSED BY A SOW • Purpose. • Scope of work. • Detailed description of work. • Project timeline. • • • • • Deliverables. Standards. Special requirements. Acceptance criteria. Payment schedule. 11 PURPOSE • • • • Introduction. Project motivations. Why are we doing this project? General business language introduction. 12 PROJECT DESCRIPTION • Describes how the work will be performed, with resources. • Describe the nature of all the services that apply. • Generally describe location, hardware, software, people, security. • Describe expected benefits. • Use non-technical language. 13 SCOPE OF WORK • Describes the exact nature of the work to be done. • • • • What does “project start” look like? What does “project done” look like? State start and end dates. State what is out of scope. 14 RESPONSIBILITIES • University clients may be responsible for attending requirements meetings, reviewing deliverable in timely way, executing scenarios. • Vendors may supply hardware and technical tools for their staff, providing workspace for their staff. • Consider the role of sub-contractors. 15 ASSUMPTIONS • Personnel from the university and the vendor will have adequate time to work on the project. • Vendor will assign replacement staff within 72 hours of staff departure or unavailability. 16 PROJECT TIMELINE • Period of performance. • Consider start, deadline, allowable time, billable hours, competing projects, no response actions, and all aspects of scheduling. 17 DELIVERABLES • • • • Description of specific deliverables and outputs. Description of what is due and when. Consideration of interim milestone deliverables. Interim prototype. • Ownership of deliverables. 18 VENDOR KNOWLEDGE • Do you expect the vendor to bring expertise and best practices?... Or just work exactly to your requirements? • Consider specialized workforce requirements, such as years of experience, degrees or technical certifications. 19 STANDARDS • Description of internal and external standards. • Consider rules for legal and regulatory requirements: FERPA, ADA, Personally identifiable information, Payment Card Industry, etc. 20 LICENSED PRODUCT • Consider licensing and ownership of finished products. • Describe any open source license arrangements or contributions. • Consider graphic design and branding. 21 IDENTITY MANAGEMENT • Provide detailed step-by-step description for consumer and administrator login interfaces. • Describe the security and encryption of the login environment. • Can vendor staff share a single developer / trouble-shooter login identity? 22 DATA • Who sets the standard for data quality? • Point to university policies for relevant data classifications and security. • Describe data access and control methods. • Consider any extra non-disclosure agreements. 23 PLATFORM • Specifics about hardware, software, database diagrams, network requirements. • Consider integrations with other systems. 24 SECURITY AND RISK • Describe security requirements: firewalls, encryption, secure file transmission. • Consider VPN or secure connection language. • What insurance is required? 25 SPECIAL REQUIREMENTS • Travel and expense requirements. • Insurance requirements, even after end of agreement. • Third-parties and sub-contractors. • Non-disclosure agreements. 26 ACCEPTANCE CRITERIA • Specifies how the buyer or receiver will determine if the products or services are acceptable. • What objective criteria will be used to state the work is acceptable? • Support for launch or production implementation. 27 PAYMENT SCHEDULE AND TERMS • Payments breakdown. • Consider linkage to acceptance criteria and project milestones. 28 TYPES OF AGREEMENTS • Consider negotiating master business relationship agreement first. • In a hierarchy: General Contract Agreement, Professional Service Agreements, Statement of Work. • Campus standards for warranties, indemnities, and limitation of liability. 29 TYPES OF PAYMENTS • Fixed fee – Standard master single – Standard master with multiple projects • Time and Material • Services 30 WHAT GOES WRONG? • Lack of – – – – – – – – – – Detail – “Vendor will fix all problems”. Schedule with milestone dates. Performance standards. Data quality standards. Change control and scope creep control. Power to cancel. Payment tied to performance. Definition of required university responsibilities. Control of methods. 31 CANCEL AND TERMINATE • SOWs needs immediate termination or cancelation provisions. • Understand how the SOW relates to the Professional Services Agreement. • Cancelling the SOW does not cancel the PSA. 32 YOUR ROLE • • • • • • Reviewing terms and conditions. Negotiating the agreement. Defining measurables. Fulfillment of your end of the bargain. Holding the vendor accountable. Management assignment of the SOW. 33 RESIST SALES PRESSURE • Special deals if signed by vendor selected date. • Get the details. • Vendor SOWs are general outlines used for marketing or initial review. 34 MATCH SOW TO PSA • Resist signing the contract or PSA until a strong SOW is developed. • Negotiated PSA should include limitation of liability, disclaimers of warranties, indemnification and copyright language. • Don’t renegotiate or redo the legal language in the SOW. • Add language to the SOW that in the event of any conflicting language, the PSA terms are favored. 35 SOW TEMPLATE • http://www.educause.edu/MWRC11/Program /SESS12 36 CHECK SOW LANGUAGE • Start with general overview. • Include firm schedule with milestone dates. • Use precise language. 37 5 IDEAS • • • • • Sourcing Statement of Work Professional Services Agreements Management Control 38 THANK YOU Theresa Rowe rowe@oakland.edu