Software Compliance Audits - How to Contractually Protect Your Employer

After posting "Software Compliance Audits - A New Business Model to Drive Revenue?," a colleague e-mailed me and asked how I deal with pesky vendors who have crazy audit requirements.

The first thing I try to do is negotiate their audit provision out and negotiate a simple one in, which basically states that an officer of my company will write a letter, upon reasonable request, verifying my company's compliance with the license agreement.

If, for whatever reason, the vendor has leverage in the deal and pushes me to agree to run their audit software to ensure compliance, I've excerpted below what I pop into the software license agreement. The provision is self-explanatory, but the gist of it is that if the vendor's audit software blows up our system or data, the vendor is going to pay dearly. If it turns out we're out of compliance, we'll modify our usage to get compliant or we'll pay a fair and reasonable amount to get compliant.

In no case will I allow a vendor to run around my facility or stick their fingers in my systems to do an audit. That's an absolute deal-breaker, whether my internal customer likes it or not (sorry, I have HIPAA to worry about). This is rarely an issue because the bigger software deals are competitively bid (and the competitive bids include a contract template) and the vendors indicate their audit requirements, if any, up front.

Hope the following provision helps...

1. Vendor Right to Audit Software Usage. For the term of this Agreement, upon Vendor’s reasonable written request, which shall not occur more than once annually, Licensee shall install and run Vendor’s software application (the “Audit Software”) to ascertain Licensee’s compliance with the authorized uses, as further described in this Agreement, of the Software. In no case shall Vendor have the right to enter the premises or access the systems of Licensee to conduct such an audit.

1.1 Remedies for Material Non-compliance. In the event an audit reveals that Licensee’s use of the Software is not in material compliance with this Agreement, Licensee shall have the option, at Licensee’s sole election, to: (1) immediately modify such use to ensure material compliance with this Agreement; or (2) submit payment to Vendor to permit such use, based on Licensee’s discount as calculated by the list prices for the Software licensed under this Agreement and the License Fees actually paid by Licensee for the same.

1.2 Vendor Representations and Warranties Pertaining to the Audit Software. Vendor represents and warrants that the Audit Software shall: (i) ensure the security and confidentiality of Licensee’s systems and data; (ii) protect against any anticipated threats or hazards to the security or integrity of Licensee’s systems and data; (iii) protect against unauthorized access to or use of Licensee’s systems and data; (iv) be free of any mechanism which may disable the Software; and (v) be free of any harmful or hidden programs or data incorporated therein with malicious or mischievous intent.

1.3 Indemnification by Vendor. Without limiting Vendor’s other obligations of indemnification in this Agreement, Vendor shall defend, indemnify, and hold Licensee harmless from and against any and all claims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from Licensee, arising out of or relating to any act, error or omission, or breach of Vendor in the performance of any audit to ascertain Licensee’s compliance with this Agreement.

Comments

  • 3/7/2008 12:07 PM Anonymous wrote:
    Steve,

    I would also include language to both use my own audit software and my own ability to analyze my own results against the contract or procurement records. The methodology I use should be included to incorporate what steps are to be taken and what acceptable practice is. Acceptable practice could incorporate that the company has an internal software compliance policy and that a certified software manager with SIIA training may be used in these situations, as well as the size of the sample set to limit business disruption.

    I have not ever asked attorneys to change the wording because they generally don't get the operational side of it. However, with the wording you provided I can incorporate what I think may be appropriate to support both a fair and unbiased approach to the audit results, aka self audit and true up if required.

    Just my experience coming through. Also, the person performing the service/reconciliation should be from the software IT asset management group or someone similarly qualified.


    regards