Posted

Deploying a software package across the company (or most of the company) is becoming a reality for most companies. Standard processes and systems drive cost, quality and performance improvements. Unlimited deployment rights may also reduce transaction costs and project completion timeframes. The right enterprise and unlimited license agreement can make all the sense in the world.

In the first installment of this blog, we set up a scenario where you are a CIO faced with a decision on whether or not to enter into an “enterprise” or an “unlimited” license arrangement with a major software publisher. In discussing the first of our four questions (“What does ‘enterprise’ or ‘unlimited’ really mean?”), we explained that there are many potentially perilous pitfalls in these license arrangements, and conveyed how you might look to avoid or mitigate them.

Again working from our four-question framework, let’s now focus on the second question: “Do we really want to be doing business with this publisher?”

Posted

The rise of cloud computing services and the privacy/security issues involved have been much discussed (see, for example, our prior blog posts here). But when customers procure cloud-based services, a critical “behind the scenes” issue is often overlooked: is the cloud provider itself relying on third party subcontractors to perform critical functions? When these subcontractors are added to the mix, things become a bit more complicated.

Cloud computing offers a wide variety of services:

  • IaaS: infrastructure as a service to replace a customer’s data center or testing environment;

Posted

Although reconciliation of the key terms has been a best practice for over-the-counter derivative trades for some time (particularly with collateralised trades), the scale of the reconciliation exercise imposed by forthcoming regulations in the EU and U.S. has caused many market participants to undertake a fundamental review of the systems and processes in place. For many, compliance can only be achieved by utilising a third party for provision of an appropriate technology platform or an end-to-end service. With imminent compliance deadlines and the late development of the requirements themselves, functionality has understandably been the focus of any sourcing process. However, from a supply chain and outsourcing perspective, a key challenge remains the manner in which the financial services-specific regulations are applied to this type of third-party arrangement.

The New Legislation

With the 1 July deadline for compliance with CFTC Rule 23.502 looming and the equivalent EU legislation (in the form of the Commission Delegated Regulation (EU) No. 149/2013) due to come into force on 15 September, OTC market participants are bracing themselves for major changes to the way they perform portfolio reconciliation in relation to non-cleared trades. In fact, it is looking increasingly likely that the deadline will have to be extended by around three months, to allow further time for compliance by the affected institutions.

Posted

As noted in our previous blog postings on the subject (Applications Outsourcing Pricing – Part 1 and Applications Outsourcing Pricing – Part 2), the most prevalent model for pricing applications outsourcing services involves the following components:

  1. a fixed monthly charge for applications maintenance and support;
  2. a fixed monthly charge for a baseline number of application enhancements hours (typically included as part of the fixed fee for applications support) with authorized incremental hours charged on a time and materials basis; and

Posted

You’re a CIO and a major software publisher proposes an “enterprise” or an “unlimited” license arrangement. Having made its way up the chain to your desk, you are told the deal looks promising. There can be pitfalls in any software deal. In “enterprise” or “unlimited” license arrangements the pitfalls can be devastating.

Asking yourself (and your staff) four basic questions may help you ferret out the risks and reduce your exposure to many of the big problems.

This is the first of four installments identifying and explaining each of these four questions. The first question is:

Posted

“The details are not the details. They make the design.” – Charles Eames

Indiana vs. IBM

In 2006 Indiana awarded IBM a contract for more than $1 billion to modernize Indiana’s welfare case management system and manage and process the State of Indiana’s applications for food stamps, Medicaid and other welfare benefits for its residents. The program sought to increase efficiency and reduce fraud by moving to an automated case management process. Only 19 months into the relationship, while still in the transition period, it became clear to Indiana that the relationship was not going as planned. The expected levels of automation were not being realized. Instead, the program reverted to a caseworker process, and performance was consistently slower than agreed-to levels.

Posted

In Part 3 of “It’s 2013. Do You Know Where Your BYOD Policies Are?” we will address developing BYOD trends and best practices. Please check out Part 1 and 2 of this 3-part series addressing employee and employer concerns, respectively.

Recent Findings: Widespread Adoption, Lagging Management

Recent studies show that security practices and corporate policies are struggling to keep pace with the popularity of BYOD. As mentioned in Part 1, a recent Cisco study found that 90% of full-time American workers use their personal smartphones for work purposes. Surprisingly, widespread adoption is reported in industries handling highly sensitive and regulated data: banking at 83.3%, and healthcare at 88.6%.

Posted

Steve Farmer recently published an article in World Data Protection Report titled “Personal Data Transfers from the European Economic Area: Time to Consider Binding Corporate Rules 2.0.”

What exactly is the “best” solution for an international business needing to handle and transfer personal data across borders?

This has become an increasingly important and common question as business becomes more global and companies grow, reorganise or merge.

Posted

In Part 2 of “It’s 2013. Do You Know Where Your BYOD Policies Are?” we will discuss employer BYOD concerns. Check out Part 1 to learn more about employee interests; Part 3 will present developing trends and suggest best practices for BYOD policy drafting and implementation.

The Employer’s Perspective on BYOD

While BYOD provides employees with enhanced user experience, their employers welcome BYOD for cost savings, increased productivity, and improved employee satisfaction. Yet, these benefits come with certain costs, primarily data security risk, as well as regulatory compliance risk.

Posted

Imagine you grab your phone only to find it locked, with all of your applications, pictures, and contacts permanently deleted. Imagine your employer’s IT department remote-wiped your phone because they mistakenly believed it was stolen. Better yet, imagine your Angry-Birds-obsessed child triggered an auto-wipe with too many failed password attempts (don’t laugh – it’s based on a true story!). Can your employer really do this to your phone?

Imagine instead that you are the CIO responsible for protecting sensitive corporate and third party information. How can you ensure information security when your employees carry sensitive data in their pocket everywhere they go, and let their friends and family play with these devices?

The use of user-selected personal mobile devices for work (often called “Bring Your Own Device” or “BYOD”) is undoubtedly delivering benefits for employers and employees alike. Yet, competing employee-employer interests and related risks must not be ignored. Remarkably, only 20.1% of companies surveyed globally have implemented signed BYOD policies according to a recent study (Ovum Research Shows U.S. Ahead of Other Countries in Asking Employees to Sign BYOD Agreements). This three-part series will outline competing interests and risks, and will suggest that the best way to manage these risks is through the drafting and enforcement of proper BYOD policies.