Contract Nerds

Checklist: 5 More Issues in Data Protection Agreements (Pro-Controller)

In the first part of this series about Data Protection Agreements (DPAs), I covered five common privacy-related issues. But not all data is “personal data.” There are many other types of non-personal data that a company can own, such as confidential, sensitive, and otherwise private or proprietary data. While data privacy risks are lower when dealing with non-personal data, said data could still be commercially sensitive and valuable to your organization. In this article, I will cover five common non-privacy-related issues for customer/controllers to consider when negotiating a DPA.

1. License to Use Customer Data

This clause should set out that each party owns their intellectual property, each party provides a mutual exchange of licenses to their respective intellectual property, and details what exactly the other party can do with the intellectual property. You as the customer will need to provide a license to your customer data (both personal and non-personal) so the SaaS provider can use it in connection with the platform.

Be mindful of the scope of the license granted here. Some SaaS providers request a right to use your information to “improve the performance of” their platform or for “market analysis.” This type of language affords a processor quite broad rights to your data. Where the data is highly commercially sensitive, you should either push back on this language in the redlines, insist that any such data is anonymized and de-aggregated, or draft further limitations on the use and disclosure of your data.

Data aggregation and anonymization are not necessarily the panacea to this issue.  If you are the only provider of a particular service or one of a few providers in your field, a determined processor can find a way to identify your data by combining it with other pieces of information from their own (or third party’s) database or from public information on the web. For example, anonymized data could provide that “a” company was founded in 1955 and has 38,000 locations to date. A simple Google search combining those two bits of information would give away that the company being described is McDonald’s. To mitigate this risk, you could propose a contractual obligation not to reverse-identify, such as, “Supplier will not attempt to or actually de-identify any previously aggregated, deidentified, or anonymized data.”

2. Audit Rights

One of the key challenges encountered when negotiating a DPA is securing appropriate rights to audit. On the one hand, as a customer, you want to ensure that you have appropriate access to data centers to ensure your data is being held securely. On the other hand, you have a SaaS provider operating a one-to-many service model, meaning they have promised all of their customers the same level of confidentiality and security. This uniform approach may be compromised if you are offered unfettered rights of audit and other customers are not.

Depending on the customer profile, value of the deal, and hosting restrictions, SaaS providers may either permit you to conduct a limited audit at your expense or provide you with a summary report of their audit.  Where an on-site audit is permitted, it should be during business hours, at a time convenient for the SaaS provider, and with their experts on hand. This is required so that they can maintain confidentiality across their network.

Unless you are subject to regulatory outsourcing (see below), you are more likely to be offered access to an audit report or executive summary prepared by an independent auditor. The audit report will generally set out how the auditor’s data security measures comply with industry standards. The two most common sets of industry standards are based on compliance with ISO27001 and the preparation of a SOC 2 report. Where particularly commercially sensitive data is being shared, it would be useful if a member of your Information Security team reviewed these reports to determine how well the provider has performed in the audit.

3. Regulatory outsourcing

If you work for a business in the financial services sector in Europe, chances are that you will fall under the jurisdiction of one of the EBA, EIOPA, or ESMA. Each of these authorities has published guidance on outsourcing with cloud providers. It would be worthwhile to review these guidelines as they mandate specific provisions (such as audit, data security, availability of services, and termination) that must be included in your cloud outsourcing agreements.

Some cloud providers, like GCP, have been on the front foot and have produced regulatory maps setting out how their terms and conditions can assist their customers to comply with their regulatory requirements. A good example can be seen here.

4. Insurance

Having moved in-house with a cyber insurance business, I have learned how important it is for businesses to have appropriate cyber insurance coverage, particularly in the current climate where cybercrime is on the rise and more and more businesses find themselves facing cyber security incidents. A recent report shows that a ransomware attack in the UK could cost $1.08 million. On this basis, it is a good idea to include an obligation on the SaaS provider to obtain and maintain appropriate coverage for privacy and cybersecurity liabilities, large enough to cover potential losses which may be incurred and to provide evidence of such insurance on written request.

5. Transition

While we always plan for successful long-term relationships, every agreement should consider how the relationship will end. Where data is involved, it is useful to understand:

how long it would take to download your data;
how easy it would be to migrate to another provider;
whether the data can be downloaded in a useful format; and
whether or not you require assistance in migrating data.

The key risk to avoid with this clause is being locked into using the same vendor and being in a position where you cannot move to another provider because of operational complexity. Responses to these questions will enable you to draft an appropriate termination clause to move between providers with minimal operational disruption.

*              *              *

For five other common issues you may face when negotiating a DPA, check out the first part of this series.

The post Checklist: 5 More Issues in Data Protection Agreements (Pro-Controller) appeared first on Contract Nerds.

Checklist: 5 Common Issues in Data Protection Agreements (Pro-Controller)

In one of my first interviews after leaving law school I was asked by several interviewers, “If you had 10 minutes to review an agreement, what would you do?”

After some carefully bought time sipping water, pausing, contemplating, and putting my thoughts together, I laid out a very simple roadmap that goes to the heart of every contract—specifically reviewing high-risk areas of the contract i.e. termination, liability, and services before deciding on whether to sign. Fortunately, this thought process proved that I was not that much of a risk and helped me land my first job as a paralegal, prior to my training contract. In a way, we all work through checklists when approaching new tasks. In my capacity as a technology lawyer, I’ve created a similar mental process when reviewing Data Protection Agreements (DPA) that are frequently attached to SaaS agreements.

As a lawyer based in the UK, the majority of deals I work on involve the exchange of personal data between counterparties governed by the Data Protection Act 2018, UK GDPR, or EU GDPR. The consequence of non-compliance with these data privacy laws is large administrative fines and significant reputational harm. That’s why it is imperative to pay particular attention to data protection issues where personal data is involved. This article is split up into two parts and looks at the more densely negotiated controller-processor relationship and some of the key negotiation points parties often encounter in the DPA, with my go-to negotiation tips for customers/controllers.

1. Type of Personal Data

It’s always good to get a handle from the outset of a transaction and understand the following:

What personal data is being processed?
How much personal data is being transferred and for what purpose?
What category of data subjects are involved?
For how long will the data be processed?
What technical measures are in place to protect the data?

Fortunately, this level of information is usually set out in a table at the back of a DPA, the details of which are required under Article 28 of the GDPR.  It’s always good to read through this first and check this through with the business for accuracy so that you can take a view as to how great the data protection risk is.

If for example the only data being exchanged are low levels of contact data of several employees within your organization, you may not need to spend much time reviewing the DPA. However, if the processor is for example handling payroll across your organization you are likely to review the DPA more carefully.

2. Location of Origination and Transfer of Data

Ideally, you will want to ensure your data stays in the UK or EU to avoid the international transfer restriction (see Article 46 of the GDPR). Check with the SaaS provider to see whether you have the option to determine where your personal data is stored and if you can implement a data localization policy. This will allow you to control the location of where your personal data is stored.

If your data does need to be sent outside the UK or EU, then it should be done in a compliant way. You should seek to have assurances that either the EU Standard Contractual Clauses or UK Addendum are in place for transfers outside of the UK or EU respectively. Following on from the Schrems II case, you should also consider, as part of your due diligence process, conducting local country risk assessments to ensure that the jurisdictions to which you are sending data have equivalent privacy laws to protect your data, and consider if any additional measures are required to protect your data. Some providers do provide copies, on request, of their local country risk assessments, which they conduct when on-boarding their sub-processors.

The risk here is if your personal data is sent to a country with data privacy laws that do not provide data subjects with an adequate level of protection, you may be in breach of the international data transfer restriction (see Article 46 of the GDPR). By way of example, you may be in breach of the regulation if a foreign public authority accessed your personal data held in a data center where they had jurisdiction. A German company was fined last year by the regulators for failing to consider if additional measures were required to protect personal data sent to US-based Mailchimp.

3. Approval for Sub-Processors

Moving down the supply chain where the SaaS provider uses subcontractors (aka sub-processors), data privacy laws require that data processors notify data controllers of any sub-processors being used and obtain the data controller’s permission or general authorization.

Practically speaking, it’s always a good idea to request a list of who may access your personal data and what they will be doing with that data so that you can conduct your own due diligence on these sub-processors to determine if they are credible and in particular their history with regulators. In most cases, the SaaS provider will be using sub-processors with an established history; your key concerns may be more related to where sub-processors are located. Some providers may allow you to select which sub-processors can access your personal data, in which case you may set out a list to the provider of your approved sub-processors.

It’s also useful to ensure that you are notified in advance of any changes or modifications that have been made to the list of sub-processors so that you have a chance to object or move your personal data to another platform. You can usually request email notifications.

Fortunately, most established SaaS providers are aware of this issue and can make accommodations in their DPAs.

4. Notification Requirements

Article 28 of the GDPR specifies a range of clauses that must be included in a DPA. These include confidentiality of personal data, notification of data breaches, and responding to data subject access requests. It’s a good idea to review these requirements and, in particular, the notification requirements to ensure they are sufficiently well drafted to protect your position.

The standard position in the GDPR is that a data processor “should notify the controller without undue delay,” whilst the responsibility to notify the supervisory authority sits with the data controller (i.e., you) and the timeline for a data controller to provide such notice is “without undue delay and in any event within 72 hours of becoming aware”. Where the data protection risk is significant, you should rightly push for the notification window to be within 24 hours and for the data processor to provide you with as much information and detail about the data breach as possible.

5. Limitation of Liability

Given the large fines issued by regulators in this area, SaaS providers are keen to ensure that their contracts reflect a balance of risk.

It is common to see parties negotiate separate larger caps (aka super caps) on liability to address this issue. Ideally, if you can secure an uncapped indemnity from the data processor, that would be the best option for you.  However, this is only really worth the paper it’s written on if the SaaS provider is financially stable enough and has the necessary insurance policies in place to give this transfer of risk any grounding.

A middle ground would be to negotiate a super-cap for data privacy breaches that is separate from and higher than the general cap on liability. This could be a set six-figure sum or a multiple of the fees paid under the Agreement.

What you want to avoid is lumping data privacy breaches in with the general limitation of liability cap. For example, most limitation of liability caps are calculated using the 12-month rule, namely that the monetary cap will be the amount payable or paid by the customer in the 12 months preceding the claim. This amount is usually insufficient to capture the risk of a data privacy breach, which could be the greater of €20 million or 4% of global turnover under the GDPR, depending on the number of individuals who were impacted by the breach and the level of sensitivity of the data breached.

Another point to watch out for is attempts by SaaS providers to exclude liability for any unauthorized access to personal data (i.e. if there has been a data breach). Ideally, you should push back on this, as it would significantly limit the damages that may be recovered in a data breach scenario. To get an idea of how much non-compliance with data privacy laws could cost a controller, it is worthwhile to review the regulator’s enforcement notices (link to ICO’s page provided here). Interestingly, the UK is softening its approach on international transfers and a new bill is currently passing through parliament which prescribes a more “risk-based” approach to international transfers.

*               *             *

SaaS providers operate on a one-to-many services model and are usually reluctant to make changes to their contracts. However, in recent years, SaaS providers’ understanding of their customers’ regulatory pressures has matured and they have developed appropriate fallback positions and operational mechanisms to ensure their customers can meet their compliance objectives.

Data Processing Addenda are an interesting contractual beast that set out how parties will work together in handling personal data. It’s useful to be aware of some of these key issues before you review a DPA as these will feed into the wider contractual negotiation on price and expected service levels. As a technology lawyer, it pays dividends to understand the technology that the service provider is offering, and in particular how it can interact with privacy-enhancing technologies and techniques (i.e. encryption, access control, anonymization, pseudonymization) so that you can ensure data you send outside your organization is protected. Stay tuned for Part II of this post with five additional data protection issues in SaaS agreements.

The post Checklist: 5 Common Issues in Data Protection Agreements (Pro-Controller) appeared first on Contract Nerds.

Leveraging CLM to Check all the Boxes for Effective Contract Risk Management

Contracts are, without a doubt, one of your organization’s most valuable assets. But they also represent tremendous potential risk. Just consider the Twitter vs. Elon Musk lawsuit that turns on ambiguous contract language at the center of the scuttled $44 billion deal. The business landscape is littered with further examples of organizations paying a steep price for failing to diligently manage contract risk.

Effectively assessing and minimizing potential hazards contained within each active agreement in your portfolio is a mission-critical priority.

The Crippling Costs of Unmanaged Contract Risk

According to research conducted by World Commerce & Contracting, ineffective contract management practices cost businesses an average of 9% of their annual revenues—a massive hit to the bottom line of an enterprise of any size. Failing to mitigate contractual exposure can have a catastrophic effect, exposing your organization to a multitude of risks, including:

Missed contractual obligations and deliverables
Failure to meet contract thresholds
Regulatory non-compliance
Non-compliance with internal policies
Revenue leakage
Cost overruns
Scope creep
Lost business opportunities
Legal exposure
Loss of intellectual property
Reduced bargaining power
Ineffectual demand management
Uninformed purchasing
Deliberate contract manipulation
Damage to business reputation

By carefully managing risk exposure, your organization can ensure that your active contracts serve as an invaluable asset rather than an overlooked liability.

The Impediments of Data Silos

The full value of contract data is only realized when it becomes a resource shared enterprise-wide with stakeholders having complete contract visibility. However, holding contracts captive in data silos—where data is controlled by a single department and isolated from the rest of the organization—leaves your stakeholders blind to contract data and severely limits its value to your organization.

From negotiation through implementation and maintenance, a contract requires the expertise and input of personnel across the enterprise—not just the attorneys who draft the contract, but also the team members who will be charged with successfully executing it. Providing all stakeholders across functions and systems with direct, easy access to essential contract data enables them to understand the terms of an agreement, and how they are meant to fulfill those terms. This cultivates partnerships, both internally (between individuals as well as departments) and externally (between the organization and its commercial partners).

Clearly, implementing an effective contract management system is essential for mitigating risk. So how do you determine which CLM is right for your company?

Start with a Requirements Checklist

A smart way to begin the process is to take stock of everything you’ll require from your contract risk management system. Simply draw up a checklist of requirements. This checklist will help you identify the priorities for developing a system that infuses your organization with the ability to efficiently identify, reduce, and resolve exposure to pitfalls at every stage of a contract lifecycle.

As you compile your checklist, keep a tight focus on the following essential qualities of effective contract risk management:

Change management – Your system must allow you to maintain a trail of all changes and amendments made at every stage of each contract, including changes in the scope/statement of work (SOW) and master service agreements (MSA); updates to clauses, pricing, and schedules; terms and conditions; and any amendments or addendums that might introduce new risk to the contract. Failure to communicate changes and maintain a complete audit trail of approvals, changes, and sign-offs undermines the ability of stakeholders to remain up-to-date on contract terms.
Transparency – All stakeholders must be able to easily access an agreement to ensure it is executed. Contract transparency empowers everyone to understand the scope, recognize the risks and compliance requirements, follow the schedule, and review timely updates.
Collaboration – The best contracts are made and maintained when legal teams, technical teams, and subject matter experts work together at every step of the process to define a contract’s scope, identify risks, resolve issues, and clarify responsibilities. Insufficient input from key stakeholders could result in your organization bearing the burden of excess regulatory and financial liabilities.
Consistency – Standardized contract language applied consistently enterprise-wide protects against deviations and minimizes exposure across your contract portfolio.

A comprehensive checklist can help you identify the requirements and objectives of a system that will reinforce the guardrails protecting your organization against contract risk. But how do you actually put those processes into place in a consolidated, centralized system?

The answer is state-of-the-art contract lifecycle management (CLM) software.

Checking All the Boxes with AI-Led CLM

A smart, AI-led CLM system unlocks the full potential of contract data to create efficiencies and mitigate risk at every step in a contract’s lifecycle. By digitizing contracts, AI-powered CLM enables contract extraction and analytics across hundreds of metadata and clauses. This digital transformation creates smarter contracts that provide transparency, encourage collaboration, and strengthen compliance across the enterprise.

SirionOne’s AI-led platform empowers legal teams to pre-empt risk and create progressively stronger contracts. Unstructured contract data is captured at a granular level, then transformed into organized information that is easily retrieved in a central repository. Intelligent workflows and advanced reporting capabilities help ensure that obligations are fulfilled. Sophisticated analytics capabilities coupled with deep visibility into the entire contract portfolio can be leveraged to identify jeopardy buried within contracts, enabling stakeholders to proactively identify potential issues before they can disrupt business.

SirionOne further minimizes contract deficiencies by standardizing contract language and processes across the organization. Libraries of standardized templates and pre-approved clauses ensure stronger contract language. AI-led risk-detection flags missing clauses and deviations, automatically identifying contracts lacking necessary obligations.

Transparency is enhanced by providing direct access to contract documents and a 360-degree visibility into milestones, KPIs, and more. Stakeholders can access the enterprise’s contracting history as well as its portfolio of active contracts, including obligations that include compliance requirements, terms and conditions, and expiration/renewal dates. Timely visibility reduces the risk of non-compliance, auto-renewals of non-performing contracts, and missed opportunities for contract optimization and re-negotiation.

Finally, SirionOne breaks down data silos to connect people and systems with vital contract data. It serves as a single source of truth, with all stakeholders enjoying centralized access through a controlled hub to the same set of data on a secure cloud. Its collaborative interface enables individuals and teams enterprise-wide to monitor milestones, due deliverables, and compliance requirements; assign actions and tasks; collaboratively author and redline contracts; and set custom alerts to ensure that contract obligations are met.

In short, SirionOne’s transformational CLM platform satisfies even the most comprehensive contract risk management checklist.

To find out more about SirionLabs’ smart, AI-led CLM technology solution, download the Smarter Contracting for Legal eBook.

The post Leveraging CLM to Check all the Boxes for Effective Contract Risk Management appeared first on Contract Nerds.

New to Contracts | 5 Steps to Find and Cultivate a Mentor

My life thus far has been a product of mentors who have taken their time (which they don’t have much of) to give me their hard-fought wisdom.

In my experience, there are two types of mentors: the first type is in our lives by osmosis (think parents, siblings, teachers, etc.). With this type of mentor, you don’t necessarily need to find them. For instance, my favorite high school teacher happened to be assigned to me like most other teachers in high school, but yet spent a lot of time helping me with college applications, my essay, and selecting a college. Or consider my parents and grandparents who instilled in me the meaning of hard work, determination, and generosity.

The second type of mentor, however, you need to find. People who have a non-biased, third-party perspective, who will give you that tough love, don’t find you on their own. For instance, in the working world, you may not feel comfortable discussing a problem with your boss or discussing with them your short-term or long-term career desires beyond your current company. But these are critical discussions to have; without them, will you take that risk in taking a role outside your comfort zone, will you have the sounding board to have that uncomfortable but necessary frank conversation with a coworker, or will you have someone to tell you that you are wrong? The below steps have worked for me and may help you find a mentor while accelerating your career in the process.

Consider Your Ideal Mentor and Be Ruthless in Your Definition

Consider Prior Constructive Feedback. Be honest with yourself about constructive feedback that you have received over the years, especially the feedback that has come up more than once. Write these points down.
Real Mentor. You want your mentor to be someone who has either experienced growth through the same or similar constructive feedback or is in the ideal position you want to be in in 5 to 20 years. For instance, if you are someone who struggles to wrangle your calendar, your mentor could be someone who, among other qualities, has a great organizational system. Additionally, if you see yourself as the general counsel of a public company in 20 years, or as the director of lease contract management of a real estate company, write that down too. You want a mentor who has taken practical steps to overcome constructive feedback and can give you practical advice to get you where you want to be.
Define. After conducting the above exercise, narrow these characteristics to a list of three. This allows you to be ruthless in finding and selecting a mentor that will provide actionable value to your career. Sure, a mentor who is currently a GC at a public company can give great advice if that is what you want, but imagine finding a GC at a public company who is a great public speaker, is really skilled at redlining, and made the transition from a private company to a public company. Taking the time to be ruthless in your definition will inevitably lead to a longer time to find a mentor, but will provide more value.

Send Out Requests for a Mentor

Post on LinkedIn. You may be surprised at the number of people who directly want to mentor you or know someone who might.
Ask your law school or other place of education. Contact your law school or educational institution career center. They will likely know someone who would be happy to mentor you.
Join professional organizations. These organizations are a wealth of networking opportunities. Find a few people who fit your mentoring profile, then offer to buy them coffee.
Ask your coworkers, peers, friends, and family. Ask your network if they have anyone they could recommend and could reach out on your behalf.
Ask your outside counsel or other lawyers and contract professionals. These individuals have an interest in assisting you, as it reflects well on them as your service provider, and since they likely have vibrant networks that they can leverage for you.
Attend networking events and actually network. In-person networking events are returning and they are a great place to connect with mentors in real life. Make sure you attend networking events with a goal in mind. Who do you want to meet? What questions could you ask to learn more about them? If you’re interested in networking with in-house lawyers, then Contract Nerds is hosting in-person mixers in Los Angeles and Seattle this summer!

Have an Initial Meeting with Potential Mentors

Schedule the Meeting. Once you have a list of potential mentors, or perhaps just one “candidate,” decide which ones you would like to have as your mentor. Then set up an introductory meeting. I would not recommend setting up meetings with mentors who you are unsure of, as this would be rude. This meeting should be casual where you both get to know each other. By the end of the meeting, share with them that you are interested in having them as a mentor, why you think that, and that you would greatly appreciate it if they would consider this.
Work on Their Time. When you schedule this introductory meeting, and throughout the mentorship relationship, it is important that you work on their time, their time zone, etc. to show that this mentorship relationship will not be a hassle for them. Pro tip: Use their administrative assistant if they have one, and treat this person as well as you would treat your mentor (see gratitude section below).
Offer to Help. Mentors are usually pretty busy with their full-time job and mentoring others. A powerful method to get even closer to them is to offer to help them with a personal task or project. For example, offer to help them set up for an event they are hosting, or offer to take notes at a webinar they cannot attend.

Establish Your Expectations and Meeting Cadence

Agenda. Will you send an agenda before each meeting, or will you come to the meeting with what’s on your mind that day, or somewhere in between? Work with your mentor to define what will work best for you. There is no best practice here in my opinion; rather, what works best for your personality types?
Cadence. Will you meet bi-weekly, monthly, or quarterly? Again, there is no best practice here in my opinion; rather, what works best for your personality types?
Duration. If you are meeting more frequently, I recommend 30-minute meetings that have a set topic. If you are meeting less frequently, I recommend one-hour meetings that can either have an agenda or not.
Rescheduling. What is your comfort level with rescheduling? It is, in my opinion, a best practice to establish that if a fire-drill comes up at work, you should be able to reschedule, of course, within reasonable limits and with respect to each other’s time.

Show Your Gratitude, Consistently

E-gift cards. You can email Starbucks gift cards. Enough said.
Handwritten thank you notes. Handwritten thank you notes break through the noise of crowded email inboxes and LinkedIn messages. The time it takes to write these letters, find stamps, and put them in the mailbox shows your gratitude on another level.
Social Media Engagement. If your mentor is a frequent poster or content creator, be sure to engage with their posts by liking them and leaving comments.
Content. Mentorships can be a two-way street, and often these are the best ones. If you see a great article, book, or webinar that your mentor would find particularly relevant, send it to them!

My next blog will address how to find peers who are in the trenches with you, who are not necessarily mentors in the traditional sense, but with whom you can grow side-by-side.

*                       *                       *

Tune in to more articles in the New to Contracts? series by Jack Terschluse—Corporate Counsel and Head of Procurement at Balto—exclusively here on the Contracts Blog. If you’re not already a subscriber, we welcome you to subscribe here to our weekly newsletter providing new articles, free events, and other resources on contracts. #contractnerds #newtocontracts

The post New to Contracts | 5 Steps to Find and Cultivate a Mentor appeared first on Contract Nerds.

How Contract Managers Can Unite Procurement & Legal

Most companies have both a Procurement department and a Legal department. But not all of them have a Contract Manager function or team.

Having worked in Procurement for over seven years, I have learned that contracts are not just for Procurement or Legal. They are the core of a Business and everyone who works within the Business has a vested interest in the contract review process.

That’s why it is so important for Legal and Procurement to be aligned. And Contract Managers can help serve as a valuable bridge!

Legal vs. Procurement

What you might discover, if you look closely, is that Procurement and Legal often don’t get it right with one another. This still baffles me.

These two departments are typically going through similar business challenges, such as:

Proving their worth to executives and internal team members;
Being considered as a value generator and not a revenue generator;
Struggling to engage in deals early on; and
Working against a ticking clock where time is always of the essence.

Yet one common issue I see, which largely stems from Procurement teams, is the lack of early engagement with their Legal team. This approach is unacceptable, especially when Procurement are screaming for early engagement with the rest of the business.

With Legal, it’s often that they don’t get enough information from the business to properly draft or negotiate a contract. This frustration then comes Procurement’s way with lots of residual questions and back-and-forth emails, delaying the contract review process instead of speeding it up.

It’s a mess of frustration and shows a lack of thoughtful process creation between the two teams. The key to resolving these challenges lies with the role of the Contract Manager who can unite the Legal and Procurement departments.

The Contract Manager’s Role

A Contract Manager has been defined in various ways online and within our industry. My definition is this:

“An individual, who has knowledge of contract law, the operations of contracts, risk and supply chain, who can undertake the review, negotiation and management of contracts in the business.”

This role is one that can sit in either Procurement or Legal. It doesn’t matter much from a practical standpoint. What matters is that this role has the full support of both Procurement and Legal teams, that it has escalation points in both teams, and that it should have a level of autonomy (much like a Solicitor would have in-house), to advise against anything that would harm the Business.

The role of a Contract Manager should be that of a conduit. A conduit is a connector, and I see the Contract Manager connecting:

Procurement and Legal
Commercial matters with the entire business
Suppliers with Procurement & Legal

The Contract Manager will work across the entire business, handle all contract reviews (perhaps with additional external/internal resources), protect the Business from key risks, and be responsible up to the point of contract signature for any issues, risks, negotiations etc.

Who is Responsible for Contract Lifecycle Management?

Once the contract is signed, the Contract Manager should assist the entire Business, including the end-user, in managing the contract throughout its life.

The Procurement and Legal teams are often too far removed from the day-to-day operations of the supplier to manage the contract across the entire lifecycle. Procurement teams are already focused on their next sourcing activity whilst trying to focus on their key suppliers to ensure that their services to the company are at the levels required. Legal is often called upon for other matters, responding to legislative changes, client requests, preparing for future investment rounds and the oversight of the supply chain. While they all recognize the importance of performance management, it is never on their daily agenda.

You can see that this is problematic unless you empower your Business to manage the suppliers. It is impossible to manage all of those supplier contracts through Procurement and Legal.

This is where the role of the Contract Manager is vital – they can set out the escalation processes, they can join the performance management calls with the suppliers, they can assist the tracking of SLAs, KPIs and other metrics that you need. The Contract Manager can be that role that gives contractual and commercial expertise to the rest of the business to ensure that the contract’s deliverables are met and potentially exceeded.

Mastering Your Skills as a Contract Manager

To be successful, the Contract Manager needs to take the following elements into account:

Supply Chain
Commercial Negotiations

This combination is needed so that the Contract Manager can talk to both Procurement and Legal, understand the priorities for both and bring them into the foreground to ensure that the business gets what it needs whilst delivering on the procurement and legal interests. Since I started out in the commercial world, at the intersection of Supply Chain, Procurement and Legal, I’ve always strived to be highly skilled in all five of these elements.

But how does a Contracts Manager learn these skills?

I wish I had an easy answer for you. The best Contracts Managers I have worked with have prioritized a mixture of academic study and learning on the job.

From an academic perspective, in my experience, I’d suggest the following:

Undertake a Law Degree, with a focus on Commercial and Contracts Law;
Attain at least a level 4 CIPS (Chartered Institute of Procurement and Supply) qualification;
Attain World Commerce & Contracting qualifications as you see fit.

When learning skills on the job I would suggest the following:

Ensure you get to work in Procurement for a year or two. Take on a role that allows you to work with contracts, NDAs, framework agreements and one that gets you involved in the vendor selection (RFx) process from start to finish.
Work closely with your warehousing team, logistics team, trade compliance teams (if applicable in your industry). You will get exposure to them if you undertake work in Procurement.
Ask to be included in any and all commercial negotiations. These are largely focused on risk allocation, pricing and delivery schedules.

With these skills, a Contract Manager is going to feel at home talking with Procurement and Legal, highlight concerns to each effortlessly, and ensure the best results are reached for the entire business. This certainly isn’t easy but it is necessary if you want to bridge the gap between Procurement and Legal and make positive changes for your Business.

Why U.S. Companies Should Adopt NEC Contracts

Would you like your contracts to be clear, flexible, and a stimulus to good management?

If yes, read on as I tell you about how NEC contracts are improving the way many organizations around the world contract! And why U.S. companies should start adopting them too.

The Current State of Contracts in the U.S.

A manager of mine (running a significant part of Mott MacDonald in the USA) once said, ‘I admire your enthusiasm, Richard, but as for trying to get NEC contracts used in the USA, you might as well just bang your head against a wall’.  I will continue banging! This is because I see myself as a bit of a disciple to Martin Barnes, who invented NEC way back thirty years ago – and why should the USA miss out on the opportunity?!

I am told that in the U.S.:

major asset owners all have their own contracts and have no intention of changing them
the procurement rules are different in each state
there is little appetite in the U.S. for ‘standard forms’ of contract
you suffer massively from the ‘not invented here syndrome’ and have no time for seeing what is being used – and working well outside the U.S.
the lawyers rule the roost and do not want anything standard!

How on earth does that make sense when across the U.S. trillions are being spent in the construction industry? Just how much time and money is wasted drafting, reviewing, negotiating, and managing bespoke contracts?

There must be a better way!

Well, if you have got this far, please have a look at NEC contracts which are already being adopted in the UK, Hong Kong, South Africa, New Zealand, Australia, and Peru!

What are NEC Contracts?

NEC (formerly the New Engineering Contract)  is a family of contracts that cover projects, physical and professional services, and supply chain, and can be used in any industry. All the families are drafted with three clear principles in mind:

Clarity – brevity and plain language;
Flexibility – e.g., on the level of design by the supplier and the form of payment (lump sum, bill of quantities, or target contract);
A stimulus to good management – a contract that is used day to day and is based on a series of clear processes.

The contracts are owned by the UK’s Institution of Civil Engineers (ICE) because they funded their development 30 years ago – but they can be used in any industry and any part of the world.

NEC contracts are specifically designed to be used in any legal jurisdiction. In some countries, minor changes are required to make NEC compliant with local law and NEC has published (so far) minor ‘secondary options’ to cope with the law in the UK, Ireland, New Zealand, and Australia. No doubt there will be minor changes required in the U.S. They are also very good at risk allocation and management.

How do NEC Contracts Facilitate Collaboration?

The world over, people are looking for contracts that facilitate collaboration. NEC does just that with:

an obligation to act in a spirit of mutual trust and cooperation
a clear process for ‘early warning’ – and consequences if the supplier does not
a huge focus on the ‘program’ (oh, oh a problem there – you call it the ‘schedule’ – but do not let that worry you!)
a very clear, timebound process for managing what NEC calls ‘compensation events’ (you probably call them claims!)
an option for a target contract that means that the Client has a direct commercial incentive to collaborate.

I have heard that the principle of ‘early contractor involvement’ (ECI) is getting some traction in the U.S. This is where a Contractor is employed in a ‘Stage One’ to work with the client to develop the deal for the ‘Stage Two’ delivery of the project. NEC has that covered – either in two separate contracts or, with one of its options (X22), as a single contract. Perhaps this is a ripe starting point for U.S. companies.

Learn More About NEC Contracts

I wanted to keep this short and sweet and so will stop there. If you are interested and want to look a little further, please see Mott MacDonald’s ‘Little Book’ of NEC.

How To Build Your Contract Operations Utopia

University of Cambridge researchers Stephen Cave and Kanta Dihal have identified four overarching themes in utopian scenarios featuring artificial intelligence (AI):

Immortality (Indefinite Spans of Life)
Ease (Liberation of Humans from the Need to Work)
Gratification (a Positive Experience Granted by Machines)
Dominance (The Power to Rule)

The researchers mentioned above even argue that these perceptions “can influence how [AI] is developed, deployed and regulated.”[1]

And…oh boy… artificial intelligence has been explored, alright…

The Utopian Business Value of AI

To explore how organizations can build a legal operations utopia with legal contract artificial intelligence, let’s explore the abovementioned overarching (albeit decidedly ideal) themes of an AI-based paradise as they apply to legal contract management processes: immortality, ease, gratification, and dominance.

Businesses across industries are already building their artificial intelligence utopias.

According to an MIT Sloan Management Review study, more than 80 percent of companies view AI as a strategic opportunity. Meanwhile, 85 percent of companies see AI as a competitive advantage. [2]

The artificial intelligence craze goes beyond simply viewing and pondering the hypothetical effects of an AI-based utopia.  A collection of surveys from Harvard Business Review found that up to a third of large United States companies are already leveraging AI “quite aggressively” – with hundreds or even thousands of projects involving artificial intelligence currently underway for business process automation[3].

These AI-based projects are occurring in myriad departments of various industries.

Legal Contract AI – A Utopian Competitive Advantage

The statistics above align with legal professionals’ interest in building a legal operations paradise on a foundation of AI-based contract lifecycle management.

#1 – The Virtual Immortality of Contract Intelligence

One cannot say point-blank that legal contract artificial intelligence is entirely immortal. However, the virtual immortality of legal contract AI in terms of clause recognition should not be ignored. Contract intelligence built on a foundation of machine learning proves to be a nearly inextinguishable, utopian force.

Legal professionals can utilize machine learning that locates standard clauses within a contract when it is added into a CLM software system. That clause language can be sent to training data for machine learning to continuously improve future clause recognition!  Contract AI can intelligently categorize clauses into an organization’s configured clause types while presenting a percentage of confidence in that contract clause categorization. That “confidence” can increase in perpetuity as long as new clauses are added to contract AI – making legal contract AI essentially impervious to process stagnation.

#2 – The Ease of Use of Legal Contract AI

The utopian ease of use of contract intelligence keeps organizations clamoring for more.

Legal ops professionals can drastically reduce the time needed to enter new contracts into contract management software. With legal contract artificial intelligence, organizations can watch as AI identifies critical data such as contract types, effective dates, expiration dates, locations, contract statuses, assigned departments, names, confidentiality clauses, renewal information, and more – seamlessly mapping that data into tidied and organized user-defined and out-of-the-box fields. This contract data can be easily searched down to the level of phrases, terms, and words located within contract metadata, documents, and files. Data extraction processes can easily be edited and supplemented down to the field configuration level.

#3 – The Gratification of Statistical Data Analysis With Contract AI

Gratification can be defined as the satisfaction that results from the fulfillment of goals or desires. Regarding legal operations, contract management teams can enjoy fulfillment in achieving administrative goals with artificial intelligence tools that increase team accountability and help visualize success.

Contract administrators can analyze their teams’ usage of legal contract intelligence tools at a glance. A risk score can display a team’s percentage of risk tools used and provide insights into actions that can be taken to improve the risk score.

For example, “David’s” organization is only using 60 percent of its risk management tools. Furthermore, David’s organization’s AI-based contract lifecycle software system reveals that one of the factors contributing to this less-than-perfect score is a lack of proper time spent tracking contract approval status.  In this case, David’s organization can adjust how it tracks approvals.

By addressing this recommendation and others provided by David’s organization’s system, David’s team can adjust goals and experience the gratification of seeing their risk score get closer and closer to one hundred percent with exponentially improved accountability and process improvement paradise!

#4 – Dominance of Legal Contract Risk Variables & Risk Exposure

The dominance of contract AI over methods involving emails, spreadsheets, shared drives, and lone contract repositories for risk management is not even close. Outdated risk management methods can lead to violation of compliance rules and regulations, contract failure, lawsuits, a ruined reputation, data leakage, and worse.

Legal contract AI dominates other risk management tools by allowing legal professionals to pinpoint potential risk by systematically analyzing contract text and identifying positive, negative, and neutral language based on a rules-based sentiment, which can be configured according to an organization’s needs. Legal teams can mitigate risk based on historical data and company goals without evaluating contracts one by one.

Another dominant feature of contract AI that positions it far ahead of obsolete risk management systems is visually engaging risk tools. A risk assessment matrix can map risk variables and exposure while providing suggestions and alerts for improved risk response. An OFAC search tool can present an eye-grabbing categorization of OFAC risk on a one-off and recurring scheduled basis for entities flagged in the national sanctions lists of the Office of Foreign Assets Control within the US Treasury Department.

Enter Your Legal Contract AI Paradise Today!

All the tools mentioned above are just a scratch at the surface of a legal contract AI experience that evokes immortality, ease, gratification, and dominance – to name a few. To learn more about legal contract intelligence with machine learning, book a free demo today!

[1] Cave, S., Dihal, K. Hopes and fears for intelligent machines in fiction and reality. Nat Mach Intell 1, 74–78 (2019).

[2] Enholm, I. M., Papagiannidis, E., Mikalef, P., & Krogstie, J. (2021). Artificial intelligence and business value: A literature review. Information Systems Frontiers, 1-26.

[3] Davenport, T. H., Brynjolfsson, E., McAfee, A., & Wilson, H. J. (2019). Artificial intelligence: The insights you need from Harvard business review. Harvard Business Press.

New to Contracts? How to Accelerate Your Skills

Whether you are an attorney new to law firms, new to the in-house role, a new paralegal, a new legal operations specialist, or a new contracts administrator, starting your contracts journey is daunting. Even industry veterans still shudder at the sight of a fifty-page master services agreement with ten appendices!

And if you are leaving a law firm or a more established corporate legal department, you may not have the opportunity to walk down the hall to ask your friend a question about a novel area of contracts. Instead, a law firm may now bill you for that conversation.

Whatever your background, you may feel “outgunned” as compared to your peers who’ve been working with contracts longer. So, how do you accelerate your learning? A majority of seasoned contracts professionals learned what they know by teaching themselves. Luckily for us, we have lots of great resources at our fingertips to get us started. The below resources are those that I have used, and they are certainly not exhaustive!


The Tech Contracts Handbook: Software Licenses, Cloud Computing Agreements, and Other IT Contracts for Lawyers and Businesspeople by David Tollen
Startup Law and Fundraising for Entrepreneurs and Startup Advisors by Paul Swegle
Contract Redlining Etiquette: How to leverage the power of redlines for faster and smarter contract negotiation by Nada Alnajafi
Building an Outstanding Legal Team: Battle-Tested Strategies from a General Counsel by Bjarne P. Tellman


Contract Teardown with Mike Whelan about dissecting high-profile contracts with various guests.

Negotiate Anything with Kwame Christian Esq., M.A. about how to negotiate in various contexts, including how to negotiate contracts.
Data Protection for Breakfast with Andy Dale and Pedro Pavon about the latest and greatest in the fields of data protection and privacy.


TechContracts Master Classes – Paid online webinars about technology agreements.
How to Contract Training and Skill Development – Some free resources about contracts (including playbooks), plus more if you’re a paying member.
The Future of Contracts – Free virtual webinars with Olga Mack on everything contracts, negotiations, contract management, and digital transformation.

Industry Groups and Conferences

In-House Connect (IHC) – Free community for in-house members that hosts regular CLEs and webinars about all things in-house, including contracts.
TechGC and DeputyGC – Paid invitation-only community for venture capital funds and high-growth technology companies that helps GCs and Deputy GCs excel in their day-to-day jobs and supports them throughout their lives and careers.
Association of Corporate Counsel (ACC) – Paid membership for in-house members.
Consero – An invitation-only series of conferences that help senior legal professionals discuss their most pressing concerns.
Corporate Legal Operations Consortium (CLOC) – A paid member-based organization of legal operations professionals and others dedicated to improving the delivery of legal services.


Contract Nerds by Nada Alnajafi – A free weekly blog and newsletter containing their newest article about contracts from community experts, upcoming events about contracts, and other valuable resources. You can subscribe here.
Ten Things You Need to Know as In-House Counsel by Sterling Miller – A free blog and newsletter with articles on ten points for various in-house topics.
Above the Law – In-House Counsel – News and insights about the legal practice.

Various posts by Lisa Lang about succeeding as in-house counsel professionally and socially.
Various posts by Mey Ly Ortiz about developing your communication and networking skills as in-house counsel.
Various posts by Olga Mack about advances in technology and law.

LinkedIn Influencers

Alex Su – Transitioning from big law to legal tech. Also on TikTok.
Laura Frederick – Contract drafting and negotiation tips.
Nada Alnajafi – Contract negotiation and redlining tips.
Matt Margolis – Bringing a sense of humor to the in-house practice. Also on TikTok.
Lisa Lang – Thriving as a General Counsel and building your personal brand.
Heather Stevenson – General tips as in-house counsel and women in law.
I also post on LinkedIn about things you don’t realize until you go in-house.

Mentors and Peers

I recommend finding two to three credible professionals who are where you want to be eventually, and asking them respectfully if they’d be willing to be your mentor. Then, make sure to meet with your mentor on a regular basis to build and maintain the relationship. Here are a few tips to help find that mentor:

Post on LinkedIn. You may be surprised at the number of people who directly want to mentor you or know someone who might.
Ask your law school. Contact your law school’s career center. They will likely know someone who would be happy to mentor you.
Join professional organizations such as TechGC or ACC. These organizations are a wealth of networking opportunities. Find a few people who fit your mentoring profile, then offer to buy them coffee.

Also, try to find two to three peers that have the same level of experience that you do with whom you can talk honestly about the challenges of working on contracts or being an in-house attorney. Another blog post about this will follow soon!

*           *           *

If you’re new to contracts, be sure to check out the other articles in this series. Stay tuned for more on the New to Contracts? column by Jack Terschluse, exclusively here on Contract Nerds.

Modern Comments vs. Classic Comments—Which Version is Better for Redlining Contracts?

Comments (those chat bubbles in the margins of a document) are a critical redlining feature for lawyers and contract negotiators because they help us explain the reasoning for our proposed changes, collaborate with internal parties, and ultimately drive contract negotiations forward.

According to a recent poll, 91% of contract negotiators (myself included) use Microsoft Word’s Track Changes features to redline contracts. As the number one most popular tool in our industry, it is important to understand how to use the features and tools correctly so that we can do our work as efficiently as possible. This means also staying up-to-date on new features and enhancements.

As of mid-June 2022, folks who use Word’s cloud offering called Office365 (whether on Windows or MacOS) can see a new set of comments features referred to as “Modern Comments.” The comments features previous to this 2022 rollout (also still in use for Word desktop-only users) are referred to as “Classic Comments.” Note: If you want to revert to Classic Comments, you can temporarily do so by following these steps.

For those of us leveraging Word’s Track Changes to redline a high volume of contracts, which version of comments is better—Modern Comments or Classic Comments? This article provides an overview of the new features, a pros and cons list to help us decide, plus a deep dive into how we should leverage the @mentions feature to run internal redlines with our internal business clients.

Overview of New Features

You know you have access to Modern Comments if:

Modern Comments includes the following new features:

@mentions will trigger email notifications to tagged accounts and can be used to assign action items or track conversations*ꜝ
Resolved comment threads won’t appear in the margin (though you can still find them in the Comments pane)
Comments can only be edited by their author
Users can customize how comments appear on the page
More shortcuts and ways to navigate and read comments using your keyboard and screen reader

* Only for enterprise customers using files stored in Microsoft Azure.

ꜝ Could be in direct competition with a company’s chosen contract lifecycle management (CLM) tool.

Pros and Cons List

Whenever I’m deciding between two things, I create a pros and cons list to help me compare apples to apples and visually understand my options. Here is my pros and cons list for Modern Comments in the context of redlining contracts.


Pro: Consistent design across all Word endpoints
Con: Having to adjust to a new layout in Word

Pro: Greater control over and visibility into comments
Con: More steps involved to change or post comments

Pro: Improved @mentions in comments with automatic notification emails assigning action items to or requesting responses from mentioned accounts
Con: Only for enterprise customers using files stored in the cloud

Pro: Streamlined focus on active comments > resolved comments

Pro: Improved accessibility

I tried to think of more cons but I honestly couldn’t. These changes seem to have been made with contract negotiators in mind. In addition, they close the long-time feature gap between GoogleDocs and Word, solidifying Word’s top position as the number one most popular redlining tool. I wonder what GoogleDocs users will say next.

How to Use @mentions for Internal Redlines

Let’s talk specifically about the @mentions feature because this particular feature can have a large impact on the way we review and negotiate contracts with our internal business clients.

The @mentions feature already exists in Excel and PowerPoint on Office365—and GoogleDocs. Last month, if you were to ask me what is one redlining feature that GoogleDocs does better than Word, I would have said @mentions. Now, I can no longer say that.

To activate the @mentions feature, enter the @ symbol plus a person’s name or email alias (e.g., their email address before the @ sign). Once activated, and only if you are an enterprise customer using a file stored in the cloud, the system will send an email notification to the person tagged and the person who started the thread. The email notification will provide a preview of the change and the comment. Tagged persons can reply to comments via the notification email or click a link in the notification email to open the document and go straight to the comment for more context.

The @mentions feature can also be used to assign tasks and operates the same way that normal @mentions do. The only difference is that the tag is recorded as a task and the person tagged can resolve it once the task is completed. To take full advantage of @mentions, you need to be an enterprise customer using files stored in Microsoft Azure.

This is a game-changer for contract negotiators because the lack of an organized method for internal collaboration is a leading cause of protracted negotiations. Put another way, one of the reasons contract negotiations take so long is that we haven’t had an efficient way of conducting internal negotiations. If you don’t have full access to @mentions, you can use my color-coding method to manually organize and track internal redlines. However, if you do have full access, then in addition to the color-coding method, you can automatically assign tasks and notify internal clients of clauses that need to be reviewed. Like I said—game changer.

*          *          *

It’s no surprise that Microsoft has impressed us with this latest rollout. What is surprising though, is how much I was resistant to these changes. Then when I started researching the features as research for this article, I began to understand the many benefits that they have on the contract redlining process.

If you’re interested in learning more about tips and tricks for using Word’s Track Changes to redline contracts, follow me on LinkedIn. To learn more about contract redlining best practices in general, check out my book on Amazon.

How to Make Your Boss Look Good When Reviewing Contracts

As an in-house counsel, you will likely be highly dependent on the relationship with one boss a level above you – as opposed to multiple law firm partners, for example. Whether you are revising a contract or performing other in-house lawyer tasks such as providing product counsel, an essential skill of an in-house lawyer is to look good by making your boss look good.  This article shares a few important techniques to keep in mind when you are reviewing contracts.

Keep up with product updates and industry standards that could affect your contracts

Your boss probably won’t have time to understand each granular product change or how it applies to your analysis of a contract or question from the business.  Your boss will rely on you to keep track of product developments, who decided them, when they are occurring, and their impact on client and vendor relationships.  Context is everything, so the product details really matter to how you mark up a contract.  A small change can alter the entire legal analysis or contractual risk. If you are on the sales side, then it is especially important that you understand the product or services your company is selling – and keep track of their updates.

Your boss will also rely on you to keep up with industry standards, and legal and regulatory changes that could affect contractual risk.  Read up on those changes – through industry blogs, client alerts from law firms, webinars, podcasts, etc.  These “macro” changes can influence what needs to go into a contract, how to comply with it, and how you negotiate provisions such as reps and warranties to comply with applicable laws, insurance required, the scope of audit rights, and appropriate liability caps.  Again, this context can substantially influence the legal analysis and how you approach contract redlines.

Know and match your boss’s risk tolerance and review contracts accordingly

As an in-house attorney, you are essentially an extension of your boss and your legal team as you work with other departments to review their contracts and provide both legal and business advice.  Therefore, it pays to know your boss’s style and risk preferences and take a similar approach (as long as you’re comfortable with it).

For example, if your boss wants to avoid legal jargon, use plain speech in your comments on contracts and your emails framing contractual issues for business partners.  If your boss feels strongly about certain contractual provisions, know which sections and which edits to prioritize. Likewise, if you observe your boss’s willingness to accept risk (or not), you can match your boss’s risk tolerance when giving advice in meetings your boss doesn’t attend or reviewing contracts your boss asks you to review independently.

Draft concise emails that frame issues, highlight recommendations, and provide context efficiently

A great deal of in-house work happens over email, especially when it comes to negotiating contracts.  Part of your job as in-house counsel is to send your boss concise, clear, and informative emails to keep them updated on your work progress and the happenings of the organization.  It is essential that your emails to your boss make clear your recommendation.  Do not stop at issue spotting.  Your boss (and everyone involved) wants a solution.  In the context of contracts, your boss wants to know how you plan to resolve negotiated issues, not just the positioning of each side.

Your boss also wants context.  They want to know things like: How did this contract come to the legal team?  What are the deadlines?  Who is involved, from which teams, and at what levels of the business?  Which clients are affected and are they significant sources of revenue, likely to get frustrated because of previous issues, or subject to an upcoming contract renewal?  What’s the reason this client is asking for a rushed review or insisting on using their template?

The challenge, of course, is to provide this context concisely.  Make sure your recommendations, solutions, and asks are clear and upfront.  If necessary, consider providing an appendix to your email with additional context.  That way, your boss can focus on the important items first and they have additional information available as needed.

If your boss prefers a meeting instead of an email, bring an agenda to make the meeting more efficient and productive, and consider sending that agenda to your boss in advance.

*               *              *

Your job as an in-house lawyer is not only to be technically proficient, but also to make your boss (and your legal team) look good.  You’ll be well on your way with these strategies.


How to Negotiate a Data Protection Addendum When the Customer Pushes Their Template

So you work for a software-as-a-service (SaaS) vendor and you have your standard SaaS Agreement that you send to customers for signing prior to onboarding. As part of your SaaS Agreement package, you also have a Data Protection Addendum (DPA) template that governs data privacy and security provisions.

The goal is that your customers will use your contractual templates. But often, you receive redlines for classic items, like the limitation of liability and indemnity clauses. Some customers even send their template DPA for review, refusing to use yours because they are the data owner and want to maintain control over the DPA terms.

This customer’s request creates potential confusion, greater liability, new operational promises, and client experience friction. But your sales team really wants to sign them.

What can you do to be a good business partner while also protecting the overall business? This article lays out four options you can use to manage this issue, in priority order from a vendor’s perspective.

1. Explain the “Operational Truth” for why your DPA should be the foundation

This is the best approach for the vendor since it reflects its actual processes, which I like to call the “operational truth”. You can explain to the customer that you run a scaled service which prioritizes consistency and stability for the entire client base and keeps pricing efficient. If you start creating bespoke technical operations on a one-off client basis, that breaks the scale, consistency, and price efficiency of your operations.

For these reasons, it makes the most sense to use the vendor’s DPA as-is, so that the promises match the client experience, and the pricing remains efficient. I like to explain to customers that bespoke customer processes require greater vendor resources, which in turn increases the cost of the vendor’s services. The customer is not typically looking to increase its price, so this gives the customer an internal explanation of the value of consistent, scaled vendor processes.

Great work if this is your result.

2. Add reasonable clauses from the customer’s DPA to close specific gaps

If the customer remains insistent that the vendor’s DPA is not acceptable as-is, you can ask the customer to identify specific items in their DPA that they feel are gaps in the vendor DPA. This way you can keep your foundation and only review specific items that seem reasonable and that don’t deviate (too much) from your standard operations.  If you’re unsure about any new responsibilities being requested, check first with your hosting or data security team.

Still a good result at this stage.

3. Use the customer’s DPA as the foundation but water it down

Some customers will not move forward due to “policy” (or similar) reasons without their DPA being the foundation. This is a bit more work but still doable, because you can take their DPA and map it against yours.

First, water down the bespoke operational requirements to become higher level promises that generally match your standard operations.

Then, include specific items from your standard DPA to close gaps. Again, if you’re unsure about any new responsibilities check with your hosting or data security team.

At this stage you’re being a very accommodating vendor, so I hope you’re winning goodwill with the sales team and customer!

4. Sign up and plug nose

The most unfortunate situation is a customer that will not sign the agreement without their DPA being agreed as-is. As the vendor you are now in a (slightly) concerning situation where you could be signing up to data security and hosting obligations that do not fall into your standard operations.

This is a bit stressful but we still have a couple of options to mitigate the risk of signing up to bespoke customer data security and hosting obligations.

First, identify the operational concerns and copy those out into a meeting invite with your hosting or data security team to determine how atypical these processes might be. Maybe they’re no big deal, or perhaps there’s a technical or internal solution.

Second, if these are a big deal (such as bespoke business continuity/failover processes, or cumbersome continuous technical audit obligations) but signing is more important, then you can get the functional leaders to align (ideally in an email for context later) that the company is signing up to these commitments knowing it may not be able to perform some of them, but that the reward is worth the risk.

A bit more nerve-wracking, but hey this is the business world, not Utopia!

*               *              *

On the vendor side, there is always a fine line to walk between revenue generation/retention and risk management. Each company sits somewhere on the risk appetite continuum. I’d encourage being curious about where your company is today, and where it wants to be, on that continuum so you can build processes that remove deal friction and maintain as much of your data security and hosting team’s standard processes as possible.

You won’t win them all, but these four tips have helped me manage my fair share to a good result.


Driving Digital Contract Transformation for Greater Legal Operations Efficiency

Behind any profitable, high-functioning legal department is an effective and efficient legal operations team. From strategic planning to financial management, analytics, project management, and client services, the legal ops team oversees a wide range of critical functions. There is a need to instill more efficiency in the system to empower attorneys to focus on crucial legal work beyond mundane administrative and operational issues.

To keep daily operations running smoothly while preparing for emerging challenges, legal operations professionals require cutting-edge digital tools. A never-ending demand to do more with fewer resources—constantly increasing efficiency while lowering costs—is compelling many legal ops teams to accelerate their digital transformations.

Making the transition from legacy systems to digital technologies enables legal operations professionals to orchestrate fundamental changes to their processes. Contracts are vital assets that shape and govern virtually every business transaction and can be a powerful catalyst for a successful digital transformation. Digitizing contracts, creating a single, uniform contract repository, and automating key tasks pertinent to contract authoring, negotiation, and execution are the starting points of the digital transformation of legal operations.

In most organizations, contracts and the contracting process have a far-reaching impact, affecting risk management, compliance, procurement, sales, finance, and virtually every other essential function within the company. Contracts contain the data that defines how those functions must operate. This article covers how legal ops departments take on contract management tasks, the impediments they face, and, finally, how CLM technology can make the process more efficient.

The Challenge: Access to Contract Data

Although contracts are packed with valuable data, that data sits largely untapped in legacy systems that are built on outdated technology and are difficult to navigate and integrate with new-age systems. Siloed contracts present enterprises with some major hurdles in their efforts to take full advantage of contract data, including:

1. Lack of Visibility

Legal ops teams require deep visibility into their contract portfolio to discover and assess risk before it disrupts business. However, storing contracts in siloed systems limits access and visibility, making it difficult to address risk elements hidden deep within agreements.

2. Inefficiency

Legacy systems hinder efficient contract authoring and negotiations with time-consuming, labor-intensive manual processes. These unwieldy manual processes—along with unstructured contract data that is difficult to analyze—jam up workflows, decrease productivity, increase error rates, and elevate costs.

3. Increased Risk

One of the principal functions of legal operations is risk management—a function that is severely impeded by the manual processes of legacy systems. The use of non-standard contract language and templates can lead to agreements that are not aligned with company positions or adaptive to new and emerging regulations.

4. Inadequate Analysis

Traditional contract analysis programs employ highly manual, spreadsheet-based processes that are not only time-consuming and expensive but also susceptible to errors. Manual contract reviews do not offer deep visibility or accurate analytical insights, often leading to increased risk of exposure.

The Solution: A Digital Tool to Unlock the Immense Value of Contract Data

By digitizing contracts, enterprises can harness valuable data to gain analytics, insights, and the ability to optimize key performance indicators. In addition, digitizing contracts and contract management processes allows enterprises to mitigate prospective risks and achieve improved results throughout the operation. This process begins with the deployment of contract lifecycle management (CLM) technology.

CLM technology provides a robust platform for launching, propelling, and sustaining a digital transformation. By digitizing all phases of the contract lifecycle on a platform powered by artificial intelligence (AI), CLM software makes it possible for legal operations teams to realize a wide range of significant benefits, including:

1. Transparency

CLM technology greatly enhances visibility into contracts, including obligations and compliance requirements. AI-driven auto extraction platforms rapidly transform unstructured contract data into meaningful information that is organized, stored, and easily retrieved in a central repository. This facilitates access to performance insights and risk analytics that help legal operations professionals progressively build stronger contracts, mitigate prospective risks, and achieve more favorable business outcomes.

The SirionOne dashboard enables visual monitoring of contract performance.


2. Streamlined processes

AI-powered CLM technology enables exponential efficiency gains by automating and transforming contract authoring and negotiation functions. Digitizing and centralizing thousands of contracts into a searchable repository allows legal operations to optimize workflows, boost productivity, reduce error rates, and achieve a faster time-to-contract at a lower cost.

3. Risk reduction

By standardizing contract language and processes, CLM technology provides quality control over contracts enterprise-wide. AI-led risk discovery during the review process of new contracts and third-party papers flags risk elements such as missing clauses and clause deviations. It also prevents revenue loss by tracking contract end dates and flagging renewal dates.

4. Insights

CLM technology collects critical contract intelligence through AI-based auto extraction. Intelligence gleaned from contract analytics improves the ability of legal operations to monitor and assess risk, compliance, and potential opportunities. It also provides an edge during negotiations and enables legal ops teams to generate better contracts.

The SirionOne Digital Transformation Engine

SirionOne’s CLM software empowers legal ops teams to take control of their contract data. As a best-in-class CLM solution, SirionOne seamlessly integrates with enterprise processes and offers a rich suite of capabilities for legal operations.

The formidable AI engine of SirionOne provides advanced automation and intelligence delivered through an architecture designed for scale and security. On a single CLM platform, SirionOne transforms contracting by automating contract processes, accelerating time-to-contract, lowering risk, providing 360-degree visibility into obligations and compliance requirements, and strengthening negotiation capabilities. It unlocks deep contract intelligence—transforming unstructured contract data into meaningful, accessible, and actionable data to minimize risk, ensure compliance, and produce smarter contracts.

Find out how SirionOne’s AI-led platform can transform the way your legal operations team works and help your enterprise realize the full value of its contracts. Contact us with any questions, or to request a demo of our acclaimed software.
