How to Best Navigate Infrastructure and IT Agreement Issues in the WFH Environment
An opportunity now exists for organizations and employees to come together to leverage existing and developing technologies to meet the needs of the work from home (WFH) environment.
May 06, 2020 at 07:00 AM
7 minute read
Credit: metamorworks/Shutterstock.com.
"WFH" ("work from home") has entered the lexicon in the wake of the COVID-19 pandemic as more organizations mandate remote work conditions for all or nearly all of their workforce. Despite the obvious challenges associated with WFH conditions, organizations with strong virtual technology infrastructure—including secure enterprise tools, videoconferencing capabilities, workforce collaboration tools and mobile applications—are best positioned to handle, without significant degradation in performance or compliance risk, the needs of a fully remote workforce.
There is no-one-size-fits-all approach to leveraging technology, as every organization has its own unique facts and circumstances. Understanding these elements is crucial in implementing mindful technology solutions to support a remote workforce. Below we outline a few best practices for navigating WFH considerations.
|Infrastructure and User Access Metrics
A key first step is for the organization to understand how its remote workforce is accessing business applications in the WFH environment. Except for businesses that operated with a remote workforce pre-COVID-19, most organizations build technology infrastructure assuming that only a small portion of their workforce will access certain business applications remotely at the same time.
Not surprisingly, pricing for many cloud-hosted business applications is based upon the customer's expected number of simultaneous users, with defined allowances if the customer exceeds simultaneous user limits. These agreements can be problematic if the vendor imposes hard caps on usage in excess of contract limitations and require formal written amendment and/or prepayment of additional fees to increase usage. Larger businesses may have the option for their subscription fees for cloud-hosted applications to true-up at a later date if the business goes over the license metric, but smaller businesses often do not get the benefit of this true-up feature and thus can be exposed to unexpected subscription fee increases and/or face claims of copyright violations for unlicensed use.
To the extent licensure issues are identified in vendor agreements, the organization should consider proactively engaging vendors to avoid unexpected fee(s) and/or interference in performance. Further, consider asking vendors to waive incremental licensure costs for an agreed upon period and/or in exchange for extending the committed term of the contract.
Organizations who fail to proactive identify these types of limitations may find out the hard way that they cannot handle their entire workforce accessing their systems remotely. Proactive collection and analysis of data regarding application usage, time frames of peaks and valleys in usage, and which applications are generating the most user support/troubleshooting requests can help ensure that the organization is deploying resources in the most effective way. Organizations should also be mindful to ensure to have on-premise infrastructure necessary to support increased application usage, which may require running hybrid on-premise and hosted configuration for certain applications. It may also be beneficial to reallocate resources (both technical resources and IT support team members) from on-premise services to support remote users and/or modify IT operating controls to better enable emergent support issues with the WFH workforce.
|Service Level Commitments
One key impact of the WFH environment involves the organization's relationships with its IT service providers. Current business conditions have created serious challenges for IT service providers. Potential non-performance by IT service providers can have significant consequences for service providers and customers, especially for service providers who are involved in securing customer data and business applications and for engagements that involve onsite personnel.
Most IT vendor agreements identify basic support and service level commitments, and may address application availability (i.e., 99.5% uptime) and technical support (i.e., critical support tickets worked within 1 hour of notification). To the extent an organization identifies performance issues with a particular IT vendor, proactive communication with the vendor should be prioritized, which may include seeking an increased allocation of the vendor's resources to meet individual business needs. For example, in the event current service level commitments are insufficient to meet anticipated user demand, the vendor may offer alternative service levels with nominal increased cost.
In addition, many IT vendor agreements provide for service level credits and/or termination rights in the event support and/or service level commitments are not met. Organizations that have contracts with IT service providers (and IT service providers themselves) should carefully review any force majeure type provisions in their contracts. Although force majeure provisions in IT vendor agreements may not specifically contemplate a global pandemic such as COVID-19, these provisions are often drafted broadly and based on events beyond a party's control, and may excuse non-performance under the agreement and/or allocate risks and costs differently when such an event occurs. If a business has concluded that it has solid legal ground upon which to seek service level credits and/or terminate an IT vendor agreement, now may be the time to pursue those remedies, if not move to a new solution or IT vendor altogether.
|Cybersecurity
While issues in accessing technologies can impact the employee's ability to effectively and/or timely complete work-related tasks, potentially more concerning are issues related to employees transmitting, storing and/or accessing sensitive business files, trade secrets and personal data through insecure mechanisms, such as saving business files on personal devices. Loss and/or disclosure of this type of sensitive information could result in loss of competitive advantages, increased legal exposure for mishandling of third-party information, and create additional costs for the organization, so cybersecurity must be emphasized. Members of the organization's workforce can be made aware of cyber risks and provided training and guidance on technology that they are expected to use in the WFH environment, hopefully leading to better security practices in the future.
Now may also be a great time for organizations to conduct reviews of the information security and privacy practices of their vendors and confirm that vendors comply with organization policies and expectations. It is also worthwhile to reconsider best practices that to help maintain application security; many of these can be done easily through the settings function of the application. . Best practices can often be implemented through the settings function of the application, such as upgrading to the most recent version of the application; mandating strong passwords and/or leveraging single sign on functionality; and for videoconference technologies, moderating meetings and requiring all attendees to identify themselves at the beginning of a meeting.
|Conclusions
An opportunity now exists for organizations and employees to come together to leverage existing and developing technologies to meet the needs of the WFH environment. Such efforts may include the following recommendations:
- Understand application licensing metrics and compare against usage statistics, including proactive engagement with vendors to mitigate/avoid unexpected cost increases.
- Redeploy resources (both technology and IT personnel) to reflect current needs.
- Review SLAs with IT service providers and seek appropriate service level remedies.
- Emphasize and train workforce on cybersecurity best practices.
- Conduct application and vendor cybersecurity due diligence on an ongoing basis, and mitigate all known risks.
Tony S. Caldwell, an associate at Snell & Wilmer, LLP, focuses on commercial transactions and contracting matters, including issues related to sales, licensing, manufacturing, supply chain, data use, privacy and security, resellers, collaborations, mergers and acquisitions, and technology transfers. R. Lee Fraley is a partner at the firm, where he offers clients a unique blend of intellectual property counseling, IP rights enforcement and defense, and solution-focused negotiation of IP-related transactions and acquisitions. Special thanks to Snell & Wilmer's Chief Information Officer, Ken Orgeron, and Chief Privacy Officer, Maureen Babcock, for their input.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLaw Firms Mentioned
Trending Stories
- 1Employment Law Developments to Expect From the Second Trump Administration
- 2How I Made Law Firm Leadership: 'It’s Imperative That You Never Stop Learning,' Says Ian Ribald of Ballard Spahr
- 3People in the News—Dec. 30, 2024—Pond Lehocky, Buchanan Ingersoll
- 4Orange Belongs to All: U-Haul Suit Argues Rival Public Storage Cannot Claim the Color
- 5Continuing Consolidation: The Biggest Legal Tech M&As of 2024
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
