The SHI newsletter today had an interesting article on getting the best audit terms in your contracts. So food for thought, see http://blog.shi.com/2017/02/20/negotiate-better-software-audit-clause/#.WMFoxVUrLRY?_cldee=bWtub3hAYXVzdGluLnV0ZXhhcy5lZHU%3d&recipientid=contact-273e6c58aff1df119f66005056ae0ffb-06de9135c9ca46c78c54ac8b2b1731f3&esid=3f48a249-d20f-e711-80ff-005056950f19&urlid=15
A couple of thoughts
- I would add is the concept of "good legal cause" for an audit clause. Fishing expeditions are not a good use of our resources so I want to know what evidence a vendor has to need the audit
- security/privacy issues. If a tool is going to be used then it would have to be fully vetted by our security and privacy folks before deployed. And a whole bunch of legal language would be needed for that usage (who that data can be shared with, what kind of data, etc).
- a third party is not what I consider desirable practice. Their compensation may be on finding something versus a neutral result
- a possible preference for the last two could be that the school run tools they have (that perhaps came with the package, since surely the vendor cared enough to include same:-)) and upon appointment on site, review results with the vendor. Any sensitive data/ confidential data would be redacted prior.
Margaret (Marg) Knox The University of Texas System
Executive Director, Systemwide IT (SWIS)
(512) 322-3774 [log in to unmask]
Austin, Texas, 78701
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.