National Academies Press: OpenBook

Contract Risk Management for Airport Agreements (2016)

Chapter: H. Software/IT Agreements

Get This Book
Unfortunately, this book can't be printed from the OpenBook. If you need to print pages from this book, we recommend downloading it as a PDF.

Visit NAP.edu/10766 to get more information about this book, to buy it in print, or to download it as a free PDF.
« Previous: G. Vendor/Purchasing Agreements
Page 34
Suggested Citation:"H. Software/IT Agreements." National Academies of Sciences, Engineering, and Medicine. 2016. Contract Risk Management for Airport Agreements. Washington, DC: The National Academies Press. doi: 10.17226/23693.
×
Save
Cancel
Page 34
Page 35
Suggested Citation:"H. Software/IT Agreements." National Academies of Sciences, Engineering, and Medicine. 2016. Contract Risk Management for Airport Agreements. Washington, DC: The National Academies Press. doi: 10.17226/23693.
×
Save
Cancel
Page 35
Page 36
Suggested Citation:"H. Software/IT Agreements." National Academies of Sciences, Engineering, and Medicine. 2016. Contract Risk Management for Airport Agreements. Washington, DC: The National Academies Press. doi: 10.17226/23693.
×
Save
Cancel
Page 36

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

34 15.3 General Provisions. The Contractor shall, during the term of this Contract, repair any damage caused to real or personal property of the Authority and/or its tenants, wher- ever situated on the Airport, caused by the intentional, reckless, or negligent acts or omissions of the Contractor’s officers, agents, or employees, and any subcontractors and their officers, agents, or employees, or, at the option of the Authority, the Contractor shall reimburse the Authority for the cost of repairs thereto and replacement thereof accom- plished by or on behalf of the Authority. See Appendix G-4, Orlando International Airport. Appendix G-4 provides a survey of additional con- tractual provisions used by other airports to address property damage risk. Methods to Contractually Mitigate Risk The following list provides topics and issues to address when drafting or reviewing a contractual provision related to property damage risk: • Obtain indemnity from vendors for all opera- tions, regardless of fault. • Require vendors to maintain appropriate insurance coverage, naming the airport as an additional insured to cover liability related to prop- erty damage that results from their operations on the airport premises. H. Software/IT Agreements Software systems are critical to airport opera- tions, including such functions as the airport’s finan- cial systems and passenger flight information displays. Software that does not conform to the desired specifications, and thus fails to perform to the standards required by the airport, can signifi- cantly hinder airport operations, and ultimately, airport revenues. In addition, many software solutions today do not reside on airport servers but are hosted remotely and accessed through the Internet. Although this configuration may reduce airport hardware costs, it creates the additional risk that, even if the software meets specifications, the server farm host may lose power, go out of business, suffer a fire or other calam- ity, etc. As a result, airports need redundant soft- ware systems and/or source code escrows to allow for continued operations, despite access disruption to cloud-based systems. Identification of Risk The risks attendant to software/IT agreements are addressed through contractual provisions and a variety of insurance instruments. The risks and risk mitigation strategies under the majority of these agreements are similar, with the primary ones including system downtime, system security, perfor- mance, and obsolescence. subcontractors or suppliers of any tier, or by any of their employees, agents or persons under their direction or control; violation by Concessionaire Tenant or Concessionaire Ten- ant’s officers, directors, agents, subcontractors or suppliers of any tier, or by any of their employees, agents and persons under their direction or control, of any copyright, trademark or patent or federal, State or local law, rule, code, regulation, policy or ordinance; nonpayment to any of Concessionaire Tenant’s subcontractors or suppliers of any tier, or if any offi- cers, agents, consultants, employees or representatives of Concessionaire Tenant or its subcontractors or suppliers of any tier; and, any other act, omission, fault or negligence, whether active or passive, of Concessionaire Tenant or any- one acting under its direction or control or on its behalf in connection with or incidental to the performance of this Agreement (collectively “Acts and Omissions”). This indemni- fication obligation includes any penalties or fines assessed by the Federal Aviation Administration or Transportation Security Administration as well as any other costs to the City, such as investigation and security training, incurred as a result of any violation of federal security regulations, includ- ing the Airport security plan, by the Concessionaire Tenant, its subcontractors, or anyone directly or indirectly employed by them or anyone for whose acts they may be liable. (h) The indemnification obligations of this Agreement shall not be reduced by a limitation on the amount or type of damages, compensation or benefits payable by or for the Concessionaire Tenant, a subconsultant or subcontractor under workers’ compensation acts, disability benefits acts, or other employee benefit acts. See Appendix G-3, Salt Lake City International Airport. Appendix G-3 provides a survey of additional con- tractual provisions used by other airports to address the risk of personal injury. Methods to Contractually Mitigate Risk The following list provides topics and issues to address when drafting or reviewing a contractual provision related to personal injury risk: • Obtain indemnity from vendors for all opera- tions, regardless of fault. • Require vendors to maintain appropriate insurance coverage, naming the airport as an additional insured to cover liability related to per- sonal injury that results from their operations on the airport premises. 4. Property Damage.—As part of many vendor/pur- chasing agreements, vendors are permitted to build- out and occupy space within the airport. Vendors’ activities in developing their space and the continued use of that space may result in damage to airport property. Airports must allocate responsibility among the parties for damages to airport property. Example/Sample Provision The following contractual provision is an example of how property damage risk may be addressed in a vendor/purchasing agreement.

35 quality, or content of the Deposit Materials. However, at the request of the City, Consultant shall instruct and pay for the escrow company to conduct technical verifications of the Deposit Materials for the City in accordance with a techni- cal verification addendum to the Beneficiary Registration Form and at the escrow company’s then current fees plus expenses for the technical verifications. d. Fees. 1) Beneficiary Fee. Consultant will be responsible for pay- ing annual beneficiary fees. Consultant will pay the benefi- ciary fees to the escrow company on behalf of City in accordance with the terms and fee schedule attached to the Beneficiary Registration Form as Exhibit A. 2) Release Fee. In the event that City requests and is granted a release of the Deposit Materials, City shall pay to the escrow company the Release Fee as described in Section 16(c) of the Escrow Agreement. If the Deposit Materials are released to the City at the instruction of Consultant as described in Section 16(f) to the Escrow Agreement, the Consultant shall pay the release fee to the escrow company. 3) Release Costs. City shall pay the escrow company for rea- sonable costs incurred by the escrow company in releasing, copying and delivering the Deposit Materials to the City. All other out-of-pocket costs reasonably incurred by the escrow company in connection with the Escrow Agreement are reimbursable to the escrow company by, 1) the City if it requests the release or, 2) by Consultant if it instructs the escrow company to release the Deposit Materials. e. In the event that Consultant changes its current escrow services provider to a different provider, Consultant will inform City in writing prior to such change. Consultant will be responsible for establishing an escrow service agreement acceptable to City. f. In the Escrow Agreement this Agreement document is referred to as the “License Agreement.” The Parties hereby agree that any reference to City’s License Agreement in the Escrow Agreement and Beneficiary Registration Form will hereby mean this Agreement document. g. Dispute resolution. Paragraph 20 of the Escrow Agree- ment states certain conditions for resolutions of disputes; however, Consultant agrees that all actions between City and Consultant in connection with the Escrow Agreement, including without limitation court proceedings, administra- tive proceedings, arbitration and mediation proceedings, shall be initiated within Salt Lake County as stated under Article 34 of this Agreement, and that the provisions of Paragraph 20 of the Escrow Agreement are not applicable to any such actions between the City and Consultant. See Appendix H-1, Salt Lake City International Airport. Appendix H-1 provides a survey of additional contractual provisions used by other airports to address the risk associated with system downtime. Methods to Contractually Mitigate Risk The following list provides topics and issues to address when drafting or reviewing a contrac- tual provision related to risk associated with system downtime: 1. System Downtime.—One of the primary risks associated with software/IT agreements is the impact on airport operations related to software systems being out of operation for any length of time. System downtime can result in flight delays, communication issues, and compromised airport security. Airports must ensure that the software/IT agreements provide safeguards against system failures and backup sys- tems in the event of system failure. One such safe- guard that can help minimize system downtime, especially with regard to remote cloud-based software systems, is the implementation of redundant software systems, which provide a backup in the event of a sys- tem failure. Another contractual safeguard used by many airports is a source code escrow, whereby the software or system developer places the source code for the software in escrow and permits access to the source code under certain circumstances as necessary. Example/Sample Provision The following contractual provision is an example of how risk associated with system downtime may be addressed in a software/IT agreement. A.2. Source Code. Consultant hereby grants to City a license to use all source code for the entire Software Program and PMSS (“Source Code”) for the purposes described in this Agreement. This Source Code will be placed in an agreed to escrow account with the City identified as beneficiary and be accessible to the City on the terms and conditions set forth in the Escrow Agreement (“Escrow Agreement”) and the beneficiary registration form (“Beneficiary Registration Form”), which shall be attached hereto and be part of this Agreement as Attachment 6 at such time as each is prop- erly and fully executed. The Source Code shall be kept cur- rent with the latest release of the Software Program in use by the City. a. City Access to Source Code. City may gain access to the Source Code by requesting the release of deposit materials (“Deposit Materials”) listed in Appendix 1 of the Beneficiary Registration Form. City will follow the release process set forth in the Escrow Agreement, and the release conditions as set forth in Appendix 1 of the Beneficiary Registration Form. b. Adequacy of Deposit Materials. The escrow company acts as a depository only of the Deposit Materials. Consultant shall be responsible for, without limitation, the complete- ness, accuracy, suitability, state, format, quality content, correctness of the Deposit Materials. Consultant shall be responsible for any loss of Deposit Materials due to defec- tive, outdated, unreliable storage media (e.g., CD ROMs, magnetic tape, disks, and other such media) and for the deg- radation of storage media. If the City is aware or believes that the Source Code or any Deposit Materials identified in Appendix 1 of the Beneficiary Registration Form are incom- plete or inadequate Consultant shall resolve the matter as soon as reasonably practical to City’s satisfaction. c. Verification of Deposit Materials. The escrow company providing the escrow services for Consultant under the Escrow Agreement will not be responsible for verifying the completeness, accuracy, suitability, state, format, safety,

36 results from breaches of the software system to the vendor. • Ensure that the software and/or hardware used include data encryption and routine data backups. 3. Performance.—Satisfactory performance of air- port software/IT agreements is critical to airport operations. It is imperative to airport operations that software and IT systems perform as intended. A software program failure or its failure to perform in accordance with its specifications creates signifi- cant risks for airports in the form of potential sys- tem downtime and compromised airport security. The risks associated with deficient performance of software/IT agreements can be addressed through clarity in the scope of services and specifications and the inclusion of a performance bond to insure satisfactory performance. Example/Sample Provision The following contractual provision is an example of how performance risk may be addressed in a soft- ware/IT agreement. ARTICLE 12. LETTER OF CREDIT OR PERFORMANCE BOND Prior to execution of this Agreement, Consultant shall pro- vide City a letter of credit or performance bond in an amount equal to $500,000, payable to City. Thereafter, Con- sultant shall at all times maintain such letter of credit or performance bond in an amount equal to $500,000 during the term of this Agreement. Said letter of credit or perfor- mance bond shall be conditioned to ensure the faithful and full performance by Consultant of all covenants, terms, and conditions of this Agreement and to stand as security for payment by Consultant of all valid claims by City against Consultant. Such guarantee will serve as a surety or secu- rity for the full and faithful performance of all terms, cove- nants, and conditions of this Agreement for the configuration, implementation including all required testing, training and related service requirements of Attachments 1 and 2 through the Final Acceptance Date, as such term is defined in Attachment 1. The form of the required letter of credit or performance bond and their surety company must be satis- factory to the City Attorney’s Office. Letter of credit or per- formance bond is only required for the implementation phase (through the Final Acceptance Date) of the contract as defined in Attachment 1 and not required for the support and maintenance phase of the contract. See Appendix H-3, Salt Lake City International Airport. Appendix H-3 provides a survey of additional contractual provisions used by other airports to address the risk associated with performance. Methods to Contractually Mitigate Risk The following list provides topics and issues to address when drafting or reviewing a contractual provision related to performance risk: • Obtain indemnity from contractor for all loss, damages (direct and consequential), and costs incurred by the airport as a result of system down- time, regardless of fault. • Include uptime guarantees, coupled with downtime penalties, in the agreement. • Negotiate source code escrows and/or redun- dant host systems for Web-based hosted software. 2. Software Security.—Airport software/IT systems are no doubt the subject of numerous attempted cyber- attacks, any one of which could shut down airport operations or endanger the safety of the airport pas- sengers. Proper security of airport software/IT systems should include both software and hardware security solutions, including data encryption, data masking, and routine backups of data. Software/IT agreements must explicitly provide that any software and/or hard- ware installed and utilized by the airport must be com- pliant with all federal security standards. Example/Sample Provision The following contractual provision is an example of how risk associated with software security may be addressed in a software/IT agreement. I. Security Premises, Equipment, Data and Personnel. Vendor and/or Order Fulfiller may, from time to time during the performance of the Contract, have access to the personnel, premises, equipment, and other property, includ- ing data, files and/or materials (collectively referred to as “Data”) belonging to the Customer. Vendor and/or Order Fulfiller shall use their best efforts to preserve the safety, security, and the integrity of the personnel, premises, equipment, Data and other property of the Customer, in accordance with the instruction of the Customer. Vendor and/or Order Fulfiller shall be responsible for damage to Customer’s equipment, workplace, and its contents when such damage is caused by its employees or subcontractors. If a Vendor and/or Order Fulfiller fails to comply with Customer’s security requirements, then Customer may immediately terminate its Purchase Order and related Service Agreement. See Appendix H-2, Dallas/Fort Worth International Airport. Appendix H-2 provides a survey of additional contractual provisions used by other airports to address the risk associated with software security. Methods to Contractually Mitigate Risk The following list provides topics and issues to address when drafting or reviewing a contractual provision related to risk associated with software security: • Explicitly provide that any software installed and utilized by the airport must be compliant with all federal security standards. • Allocate responsibility for damages incurred by the airport or third parties, of any kind, that

Next: CONCLUSION »
Contract Risk Management for Airport Agreements Get This Book
×
Contract Risk Management for Airport Agreements
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Airport Cooperative Research Program (ACRP) Legal Research Digest 30: Contract Risk Management for Airport Agreements provides a general overview of the types of agreements that are typically used by airports of all sizes. It identifies primary risks associated with each type of agreement, and the

appendices

provide sample language from four organizations illustrating how they manage and mitigate those risks.

READ FREE ONLINE

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!