"The Commercial CIO" -- Christelle Heikkila on dealing with suppliers

"The vendors that develop a proactive relationship with you are..."

Early in her career, exiting an agreement with an IT supplier early due to their poor performance, CIO Christelle Heikkila requested her organisation’s data back and was told, nastily, that it would be delivered in printed screenshots. She’s been paying very close attention to the contractual small print ever since.

In an interview with The Stack, Heikkila – who spent three years working at Arsenal Football Club in a CIO capacity and a decade at Sainsbury’s helping to drive the supermarket’s digital agenda – suggests that the nuances of complex commercial relationships and more broadly what she characterises as the “business of technology” – as opposed to the thicket of technology execution – are things that many IT leaders are under-prepared for; emphasising that both contract and relationship management are truly core CIO skills.

She says: “The one thing that is a challenge is keeping on top of the sheer volume of contracts to deal with. I always wanted to focus on consolidation of vendors where I could, to help minimise the number of contracts and associated risk around them; as well as to build stronger relationships with fewer vendors.”

Relationships with vendors, counsel, procurement matter

How important are those relationships?

“They are so important. But too often what you get is a couple of months before renewal somebody popping up to say ‘hi, I'm your account manager’. That’s often too late to convince me this is a vendor who cares about your business. It’s not that a lot of vendor support is always required, but those relationships are still critical.”

Speaking to The Stack, Christelle Heikkila says: "The vendors that develop a proactive relationship with you are the ones that you are going to continue to do business with and possibly grow business with. I had a complex issue to deal with at one point, reached out to the vendor in question and was told ‘I am limited to how much more I can support you, as you have minimal business services with us’" -- adding unapologetically: "The inevitable outcome of that was I made sure that I terminated all business services with that vendor going forward."

"Don’t infuriate your customers" is a simple dictum that, apparently, too many vendors continue to find an exotic thought experiment. A quick glimpse at any forum will show that excessive mandatory contract terms are one common bugbear, and she agrees: “It is a real balance between not having to re-contract too regularly, because there's an overhead in that, negotiating an attractive price and wanting the flexibility to come out of that contract. My view when procuring software is that very long deals are generally not a good idea; technology is changing so fast.”


Agreeing the termination period is another balancing act since “you need time to potentially move to another supplier yet if you have to give too much notice this may constrain your flexibility”, explains Heikkila. Another pitfall to avoid is failing to build in protection against price hikes, “especially important when having to manage the IT budget - another important role of the CIO”, she adds. And talking of money, payment terms can be a bone of contention. “Of course your supplier wants paying promptly but sometimes your internal finance processes may mean within 28 days of invoice submission is simply not possible”, Heikkila tells us. One important question she always asked herself when reviewing a software contract is ‘what assurances do I have that the data is secure? And if the worst comes to the worst and there is a breach, how will the vendor inform us?’.

“Whilst the system is ‘manufactured’ by the vendor, it’s my organisation’s name on the tin”, she points out.

For CIOs at larger organisations, there are both legal and procurement teams that can facilitate contractual negotiations in many instances. From legal counsel, the lament can often be “why does my CIO always involve me at the last minute?” or, even worse, “why didn’t our CIO involve us at all?”

Heikkila notes that when it comes to relationships, building them with your own legal and procurement teams is also critical, albeit with the recognition that “the big difference between somebody wearing a CIO hat negotiating a technology contract, and your technology lawyer is that the lawyer is all about risk, whereas for the CIO whilst risk is important too, it’s also fundamentally about execution; because the business needs this technology or wants this service”. Getting the building blocks in place with your legal team is vital early on, she emphasises, so that each outreach effort from the CIO’s office isn’t a last-minute request for urgent help with unclear parameters.

“The simplest thing is for you to agree some standard contract terms together; so perhaps I might highlight some essentials around getting my data back, or data security, while a lawyer may typically focus on indemnities and liabilities. You can also get together at the start of an RFP process to review contracts. This allows any big howlers from a legal perspective to get flushed out early. It’s also good to agree up front when you are going to involve a lawyer at all; some contract values may fall below the need for it in theory, but also involve sensitive data, for example. However, the most important thing is to meet your lawyer regularly - there will inevitably be a lot to discuss when managing multiple contracts at different stages simultaneously”. Crucially, from Heikkila’s perspective, “the worst thing that can happen is that with a tight implementation deadline, progress is impeded due to a contractual hold up. Although an incumbent supplier will tolerate a delay in contract signing, a new supplier is often unwilling to commit any resources to a project unless the ink is dry”.

The healthy tension between CIO and legal counsel can become most pronounced when dealing with smaller suppliers like innovative but somewhat untested startups, she notes: “Sometimes these vendors don’t have internal legal and procurement expertise; they may have never done a penetration test and you have to demand it, or things like escrow start to become important. You have to warn the business about the risk…”

Unfortunately, many CIOs have a story about when things with a technology supplier haven’t gone well. Heikkila tells The Stack that “at the end of the day, however lengthy and tortuous a contractual negotiation may seem, contracts are there for a reason. A good contract is a contract that never needs to be dusted off again since the terms of the relationship are clear right from the start”.
