NASPO Pulse

The Contract Doesn't Fail—The Management Does: Lessons for Modern Procurement

NASPO Season 7 Episode 8

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 35:07

Successful technology contracts depend on much more than well-written terms and conditions. In this episode, NASPO's Director of Legal Education, Megan Smyth, discusses the real challenges of SaaS contract management, including data security, vendor relationships, decentralized purchasing, and strategic risk management. She also explores how states are beginning to use AI to streamline contract reviews while maintaining oversight and compliance in an increasingly complex technology environment.


Follow & subscribe to stay up-to-date on NASPO!
naspo.org | Pulse Blog | LinkedIn | Youtube | Facebook 

Welcome And What We Tackle

Julia McIlroy

Hi everyone, and welcome to NASPO's Pulse, the podcast that focuses on current topics in public procurement. I'm your host, Julia McIlroy. Today I'm speaking with Megan Smyth, Director of Legal Education and Lead of NASPO's Law Institute. In part two of our podcast, we'll discuss the real challenges of SaaS contract management, including data security, supplier relations, decentralized purchasing, as well as strategic risk management. So

Hidden Risks In 24/7 Support

Julia McIlroy

from data ownership and cybersecurity to indemnification, as we talked about, and auto renewals, what contract provisions tend to create the most challenges in SaaS and click-through agreements for public agencies?

Megan Smyth

So one that immediately came to mind for me here was the Chase the Sun mentality that most suppliers have, which is I want there to be someone available to you, my client, 24-7, to answer your questions or fix the software problem. Well, the problem with that is when it is 3 a.m. in California and you pick up the phone and you need help, who do you think is answering that phone? It's not someone on the East Coast of the United States. And so what you've done is you've allowed a loophole, essentially, that gives people in other countries, on other servers, unknown sources, access to your state system and your state data. Because if they need to log into your system and fix something and you know take over from where they are, that's essentially what's happening. Um, that that sort of mentality is seen as a huge positive in the private sector, on in the business realm, right? That I'm giving you this support 24 hours a day. Aren't you super grateful? Isn't that wonderful? Well, sure, it's wonderful when I don't have to worry about you accessing my millions of state citizens' social security numbers and addresses. Um, that's a huge issue. So locking in that sort of of service level on your contract sounds great, but you need to have a conversation with the supplier about what that means in practice. And if you have state requirements, state statutes uh that say our data cannot be housed, not you know, it has to be housed on United States soil, for example. Um, well, what does that what implications does that have for your supplier? Are they able to meet that requirement? Are they not going to be able to provide the service that you need at 3 a.m.? Because you have that requirement. That needs to be a conversation that you have before you find out six months into the contract that someone from India is is accessing your state data. Um, there's also an issue of proprietary information, right? Intellectual property. What is the state licensing to use? What do they own? What do they own that the software supplier or technology person has created for them, specifically for them? We wrote this piece of software for you. It is now the state's. Can that supplier take that code and use it for other projects? Or is it proprietary only to the state? A lot of issues here can be solved with licensing. States don't need to own this stuff, it's not in their interest, it doesn't benefit them really in any long-term way. So this this uh software as a service model is the best model because you don't need to own all of that infrastructure. It's too much of a burden at this point. So understanding um where the intellectual property rights are, who owns them, and who can use what where is an important distinction to make early in your contract terms. Finally, successful SaaS is gonna require planning ahead for data portability and contract termination, because that's gonna happen. The state is not gonna keep the same supplier for 25 years. It's probably very unlikely. So when you contract with the suppliers, you're both forming a relationship that needs to be mutually beneficial and a partner type relationship, but you both understand that the next time that contract goes out for bid, it could go to someone else. And that's just the reality of public government state contracting, right? You're not always going to award to the same supplier over and over again because of the competition and the transparency requirements. So everyone needs to understand that. And no one needs to be surprised when after five years of working together and everything's been great, and we've been so good to you, state. We've done so many things for you, we've updated, we've done this, we've done that, we made it accessible for you at no extra charge, and now you're gonna go contract with someone else. That hurts their feelings, and I understand that, but that's the that again that goes back to the are we a right the right company to sell to the government? Can we handle that? Um, and the the what to do at the end when when you are transferring it to a new supplier and you've got huge roadblocks put up by the current supplier you're working with, that is a headache you do not want to deal with. And so if everyone understands from the beginning that that's where you might end up, five years from now we might be porting this data somewhere totally different, that helps you write the contract in a different way that's gonna alleviate all that pressure when that eventually does happen.

Julia McIlroy

In my previous position, I would remind

Licensing Rights And Clean Exits

Julia McIlroy

suppliers that there are always opportunities. They might not have won this RFP, but more than likely in five years we're going to reissue it, and there's an opportunity there. So don't burn bridges, number one, and be understanding that in many cases we're only going to select one supplier, right? For if we have an ERP system, I'm not that's not gonna be a multiple award, but there are opportunities down the work down the road. Funny story: we had had on our campus one provider of soda, some people say pop, whatever, you know, busy drinks, cola, cola, and they had been there for many, many years. And I issued an RFP and their competitor won. That's just what happened. And so it was agreed upon that they would have keep their vending machines. The current supplier would keep the vending machines until let's say August 1st. Well, around June 15th, someone called me on campus and they said, Do you know that X Company is here with a bunch of trucks and they're loading all the vending machines on campus into their trucks and driving off with them? Because they had been upset that they were not the successful supplier. And anyway, it was kind of funny to see the vending machines driving down the street and lots of folks on campus. Thank goodness it was summertime, so our students weren't there saying, How are we gonna get our soda pop? So we worked through it. But again, for all the suppliers out there, you don't win every solicitation, but there are more solicitations down the road. So the understanding, be flexible, and don't drive off with your vending machines.

Megan Smyth

Don't don't take your vending machines and go home. Exactly.

Julia McIlroy

Yeah.

Megan Smyth

Yeah. Yeah.

Supplier Relationships And Burned Bridges

Julia McIlroy

So, Megan, many end users can access software with just a few clicks, sometimes before procurement or legal teams are even aware of it. How can agencies better manage decentralized technology purchasing while still supporting innovation and efficiency?

Megan Smyth

Well, let me just say that the phrase decentralized technology purchasing makes me sad because it's not a great idea. Um as our friends, I thought maybe it would make you feel nervous. It does make me nervous, Julia. Um, and it makes CIOs nervous and it should make CPOs nervous. Um, because if you don't have an enterprise technology set up in your state, I'm sorry, but you need one. Um, and your state needs to have a cohesive technology plan and thought process with each purchase that you make in this area. And that's why it's so important to have cohesive training and cross-education. So bring your technology people in to talk to the procurement people, bring your attorneys in to talk to the IT people and the procurement people so that everyone understands what's going on because everyone brings their own expertise to the table, right? You've got the IT people coming in and they know all about the software, they know all about what they need to make the system work, that what whatever problem they're trying to solve, they know that. The procurement person knows how we can get the thing and the methodologies that are going to get us the best suppliers. And should we do an RFI, an RFQ before we go out? Like they know the methodology to get them what they want. And then the attorney knows like the the how to actually sew it all together, right? They can actually take all the pieces and make a cohesive contract that that sets out what everyone understands. And contracts, I think people think, I don't know, they have like a oh, a contract. Contracts are great, contracts are fantastic because what it is is people communicating on paper in clear English, written language, what their relationship is to each other, what their obligations are to each other, what they're gonna do when something goes wrong, right? And we don't do that in our personal lives really ever, right? With our relationships, but that is what contracts allow you to do. And so that's sort of it's almost like a magical opportunity for everyone to understand what's going on and come together to solve the problem, right? To do to provide the service to the state citizens. That's what this really is all about. There is no state attorney out there making uh you know, winning marks on their wall, like, oh, I won that one today. There's no winning. There's a successful contract that delivers what you want it to deliver, that provides services to your citizens who are taxpayers, who are paying for all of this, essentially. That's what it's really about. And so I think that trying to get past a lot of the technical stuff isn't it's important to get to the people and talk to the people and figure out who these people are. And you know, I just sat on a on a webinar where a professor was talking about the disruption in the construction procurement area that technology is is creating, you know, and it's like engineers, we won't need design engineers in five years because AI will do it, right? Stuff like that that is going on in the industry in the world that you wouldn't know about unless you have those conversations with your supplier community and you do QAs and you are curious about what is out there. That's why stuff like challenge-based RFPs, solution-based RFPs, where you're saying to the to the supplier community, this is our problem. Here is here is the the issue we want to solve. California did this with wildfires, right? They issued RFQs where they said, You see it, right? We all see it, the wildfire. Please help us. And they just let suppliers send them submission. You know, here's our idea, here's our proposal for for how we could manage the forest better, or, you know, how to put out the fires better. And that can create so much innovation just by reaching out to the supplier community in a in a cooperative way instead of a competitive way. Um, we may have gone way off of what the question initially was, but um I I think that the aw the the the cross-education and making everybody aware of of what we're actually trying to do is key. And we're not sitting down doing that at the beginning of these contract life cycles.

Julia McIlroy

The beauty of an RFP, you're saying to the supplier community, I have a problem. I used to like to say, I have a need. I need something. Help me figure out how to best solve that need or solve that problem. And that's really what suppliers do in the RFP process. Yes.

Decentralized Buying Needs Guardrails

Julia McIlroy

So, Megan, what are some best practices procurement teams can use to balance flexibility and convenience with proper oversight when reviewing SaaS and click-through agreements?

Megan Smyth

So, as we discussed before, right, the contracts aren't failing because they're badly written. Um, it's about the implementation and the ongoing management. So the handoff from contract negotiations to project managers is critical because you're not, you're not, you have to convey what the negotiations, what the fruit of the negotiations was, what you've got in the contract that you negotiated for. For example, your performance metrics, right? Your data security requirements. Because if they don't understand or follow if the state, I'm talking about the state, they're not following their own contract negotiated terms, that can create a waiver of remedy. It can cause major issues. So training on post-award

Post Award Management Makes Contracts Work

Megan Smyth

contract management from legal and from the procurement office to the end users and the user agencies is the most important thing you can do when you've got when you're dealing with SaaS agreements.

Fast Tech Adoption Without Breaking Rules

Julia McIlroy

So, how are procurement professionals adapting to the growing expectation for faster technology adoption while still ensuring compliance with public sector regulations and policies?

Megan Smyth

Several years ago, I was at a round table that involved attorneys from the state, attorneys from suppliers, um, and some industry thought leader professionals from the big, big IT companies, okay, the ones you would name off the top of your head. And they admitted out loud that states should not be first to fail. States should not be testing software or trying new ideas. Uh, states should be using what is tried and true. Government is meant to be the thing that works when nothing else does. And so there's no reason to outstep the private sector, to be on the cutting edge of the newest technology. That is not what the state should be doing. That is not what they're there for. They should be a consistent presence. So one thing that you can do is run a pilot. Pilots are often allowed in many of the procurement codes, uh allow you to get around some of that super complex stuff that goes on up front to allow you to actually get to the project and see if this thing would actually run, if it would actually have legs, if it would work, if it would solve the problem you want it to solve. And that gets into the concept of procurement as an ongoing revisionary process as opposed to a waterfall procurement that you don't really know what you're gonna get until you get to the end, right? A pilot is gonna help you sort of see through to the future of how this might go when you contract it out. So states can use that to vet a supplier, they can use it to vet an idea or a project before they dive into significant financial and personnel investment. Um, and so those are the two biggest tips I would say is don't try to be first out of the gate. Use the technology that's been out there that we know works, that consistently will work, and then try a pilot if you want to do something outside of the box and you're a little afraid of it. Um, that's a great way to try new things.

Julia McIlroy

You know, I like to think of it as well, we would say on campus that we could not be bleeding edge. That's not our role. We need to be steady Freddies. Yes. We need to know that whatever the product is that we're purchasing works, it'll meet our needs, and we're not really in a beta environment.

Megan Smyth

Yeah, and it's a balance. You know, it's a balance because you're not gonna get Amazon service from the government. That's just not gonna happen. And you know, because the the whole the purpose, the reasoning, the methodologies are all totally different. And so, you know, I just did um a CLE, a continuing legal education seminar for the Connecticut bar, and I was just talking to regular attorneys who are admitted to the bar. They practice in all different areas, and the main point I really tried to make was just public and private procurement are very different. And that's a basic piece of information that Julia, you and I know, but every day person walking on the street doesn't ever think about long enough to know or care about, right? The fact that those are so different that that it's in the state, it's really about competition and transparency and making sure you get a supplier that's gonna be there in the long run, not just best value, which I think a lot of people think that that's all the state does is contract for cheapest price, right? They go for that's it, that's the that's the bottom line, and that's what's gonna make all the decisions. And you and I both know that is not true. And so educating the supplier community on that point, I think is important as well. It's not just the price that you're bringing to the table, it's many, many other things.

Julia McIlroy

And I think you have a great point that you made earlier that doing business with state, K-12, higher ed, the federal government, whatever level it might be of public procurement, it's not for every supplier. Right. Exactly. Because it is different, because we're talking about taxpayer dollars and not a private entity's dollars.

Megan Smyth

Exactly.

Strategic Risk And Why Clarity Wins

Megan Smyth

And look, thinking about we know we talk about risk. We you mentioned risk at the very beginning, and we've talked about it throughout this thing. But there's risk and then there's strategic risk, right? There's risk that I have planned for, that I understand, that I know. Think about getting in your car every day and driving. That's the most dangerous thing that you do all day long. What do you have done? What have you done to prepare yourself for that? Well, you have seatbelts, you have airbags, you have insurance, you have, you know, you're aware, you're wearing your glasses, like your driver's license requires you to. All of these things that you've done to manage the risk of getting in a car and driving. That is what we're doing on a different level and a different scope, but that's what we're doing essentially, is we're just trying to manage that risk. That risk is always gonna be there. I'm never gonna get in my car and have a zero risk trip to the mall. That's never gonna happen. I have to just be prepared for what might happen. And so when we think about risk from the state perspective, they have to take into all of those considerations and not just, you know, the price at this moment in time. That's a terrific analogy.

Julia McIlroy

There's not zero risk whenever you get in your car, right?

Megan Smyth

Yeah, there's never going to be zero risk in any situation that you are contracting for. And so just understanding it and accepting it and embracing it as a way to make it make yourself better, right? Make it sharper. Um make the contract more useful on a daily basis than just uh very general terms that don't really help you, that are vague on purpose, right? I hate vague terming. Um we just make it as vague as possible so that later on down the road I can read that however I want, right? To fit my needs at the moment. Those are not the kind of terms that you want in state contracts.

Julia McIlroy

I think you made a fantastic point earlier about contracting being magical. I mean, in a way it is magical, but really it is setting expectations. You're going to do this thing for me. I'm going to procure this thing from you, whether it's goods or services, and I'm going to pay you this much, and you're going to have it done within this time period. And if all goes well, then it is magic. And if it doesn't go well, then we go back to the contract and say, okay, what expectations did we set for when it was supposed to be delivered, or if something goes wrong, how we're going to handle it? Right? I mean, that's really all a contract is setting realistic expectations.

Megan Smyth

Very much so. Very much so. And knowing, understanding too that the relationship you're getting into is a risky one. I mean, that we why do people enter into prenups? Because they see the divorce rates. No one gets married planning to get divorced. They get married planning to stay married, but they still have a prenup. That's what it is. It's, you know, you hope it, you hope it works out. But if it doesn't, we have a document that will help us navigate those issues when they come up. And if you don't have that document, then things are challenging, right? And then you're arguing about what did our vows mean? And what did what did we really mean when we when we entered into this relationship? And no, no one's ever going to have an answer for that. Because that was a long time ago, and you're never going to be able to know. So, you know, that sort of stuff isn't helpful.

Julia McIlroy

Very true. So, Megan, looking ahead, what opportunities does SaaS solutions create for public procurement organizations? And how can agencies position themselves to be more strategic? And proactive in this rapidly evolving space?

Using AI Safely In Contract Review

Megan Smyth

I would say that there's an opportunity to implement some of the advanced technology that's happening with SaaS in a controlled, risk-managed way. So for example, I'm going to use our colleagues in Massachusetts who are doing uh initial contract red line review with AI. Now that sounds scary because I, the attorney, don't want any AI making any legal decisions for my client, right? But what you're using the AI for can be determined by the attorney. So we're not using the AI to make decisions. We're using the AI to review the initial terms of the contract, compare it to our state terms and conditions, right? So we get we get the supplier's contract in and we put it in the system side by side with our standard terms and conditions. And the AI tells me where those two things do not align. And it says, here's a problem, here's a problem, here's a problem. Here's suggested language from your own statutes and procurement code that you can feed into the system. So it's a closed system, right? It's only reviewing that document based on your input, your requirements to it. And what do you do with that end product? Well, you don't say, here it is, and send it back to the supplier. You have a real person look at it. You have the attorney look at it. And what our colleagues in Massachusetts have found is that saves them some time up front, right? There's they say the AI is catching, I think, 75 to 80% of the major issues in redlining. And that's great. Misspelled words, you know, not terms that aren't capitalized, things that aren't, you know, the numbers aren't written out the way they should be in a contract, parentheses aren't where they're supposed to be. That kind of stuff can save an attorney a lot of time. And that stuff matters. And I'm talking about that really annoying stuff in contracts, like when the attorney writes $4,000 in numbers, right? And then in parentheses, they write out four F O U R dash thousand, right? That we do that sort of thing. We do that sort of thing so that there isn't a confusion or or conflict that we couldn't solve for before it happened, right? That's an easy thing to prevent, is us misunderstanding a number. So looking for those areas that you can try to implement some of this advanced technology in a safe, controlled way, I'm much in favor of. I know Tennessee is using AI to answer FOIA requests, to do the initial search for the answer of the FOIA request, but then they have an attorney review what the AI put together and add or delete or and redact. You can use AI to redact sensitive, excuse me, sensitive information out of uh out of documents. So uses like that that still have a human backup, that still have a person who's gonna look at it, but that the AI did the initial work. That's sort of a low-risk, high reward situation for a state contracting uh officer.

Building SaaS That Actually Fits States

Megan Smyth

And I also think it's an opportunity right now to convince the SaaS providers to write software for the state, which is they don't do, right? The state is taking off-the-shelf software and modifying it, or they're having software, custom software built for them. Now, unfortunately, custom software builds do not always go well. That is a difficult thing to implement, and it's because of all the things that you and I have talked about today, the differences between what the technology people need and what the procurement people need and what the end user needs. It's very difficult. But when that comes together, it can be a great opportunity to convince them that there is a market in state government for these for this software, and that if they do it correctly and implement it right, um, they could be very successful in that space, providing technology to the government that works for what they need, which there isn't a huge market out there. It's a 54-person market, if you think about it that way, right? There are only 54 states you could sell that to. But uh the efficiencies that would create if they were actually creating software specifically for the state would be a game changer. Um, so don't see them as the enemy, right? See them as a potential partner for you to improve the lives of everyone, including the people doing this work in the state.

Julia McIlroy

Well, and suppliers are part of the state, right? Whatever state they happen to live in. They're yeah, they're taxpayers in their prospective state. So I think that's a really good point that you know, we like to say it in ASPO, if you've seen one state, you've seen one state. But actually, we could say that every state has a department of transportation, every state has uh child protection services, every state has human and health services, every state has a workforce or an employment uh department. So if you could have suppliers that were like, okay, I'm going to develop this software that's specific to states, and yes, you have 54, 55 states and territories that can utilize it, the value of that collective is pretty great.

Megan Smyth

Yes, if you combine federal, state, county, and city procurement in the United States, it's roughly $7 trillion with a T dollars of spend every year. That is a lot of money. And three to four trillion T of that is the state. Um, so it does look like a small market, but the opportunity is there to sell that software to every agency in the state that needs that particular solution, or that you've built security that will adhere to the state's requirements within that system. Um, there's a lot of things that suppliers could do if they really were interested in this market to make themselves really attractive to the state.

Julia McIlroy

So suppliers, just to reiterate, that was trillion with a T.

Megan Smyth

Mm-hmm. Yes.

Value Added Resellers And Privity Gaps

Megan Smyth

And Julia, let me say one other thing to our supplier friends, if any of them are listening. If you are a value-added reseller and you are the person who is the in-between the state and the software manufacturer, you need to do several things in that position. Number one, you need to assure the state that you are in fact adding value and you need to explain to them what that value is. So, for example, if the software provider only gives you uh a 98% uptime guarantee, your value-added reseller may say, well, we give you a 99% uptime guarantee. And that doesn't sound like a lot, but that could be days and hours of time. And so they are adding a value. They're saying we are enhancing the customer service that you would be getting just from the software manufacturer by going through us, the value-added reseller. Now, what when I've heard value-added resellers talk about their value add, they're talking about their value add to the software manufacturer, to their business partner in that way. Their business partner no longer has to deal with invoices or customer complaints or the state's requirements and the content. They don't have to deal with any of that. They just get to make the software and sell it. So that specific position gives attorneys a lot of anxiety because the state is contracting with this entity, the value-added reseller in the middle. They're not contracting with the software manufacturer. And what we call, we call that privy of contract. So there has to be a real a contractual relationship between the parties for there to be privity. And so if the state and the reseller have a contractual relationship, but there is no connection to the software and manufacturer, when something goes wrong down here, it's going to be really difficult to get to the software manufacturer to solve the problem because you don't have a contract with them. You have a contract with their reseller. And that is an issue for everyone on all sides. And so everyone just needs to sit down and talk about that when you are contracting with a reseller, what that means, what implications that might have, and what you need to do to protect the state, given the fact that you may not have a direct contractual relationship with the software manufacturer.

Julia McIlroy

Megan, that's a fantastic point. It kind of reminds me of when you buy a vehicle, you go to your local Ford Chevy BMW dealer and you procure a vehicle from them. It was manufactured at a factory, but the contract is not between the buyer and the factory, right? It's the buyer and the dealer. So folks need to remember that that relationship with that value-added reseller is critical.

Megan Smyth

Yes. And they can be, that can be a good relationship. That can, in fact, add value, be beneficial to the state. But everybody needs to talk about that and communicate about what that means and if that is still going to give the state the backup that they need when

Liability Tradeoffs And Final Takeaways

Megan Smyth

something goes wrong. And back to the I know we're maybe going on too long here, but back to the point about risk, strategic risk, okay? Let's say that I have unlimited liability in this contract, and I'm not going to budge on that requirement. And so I, as the state, I'm going to contract with company A. And Company A has been around for two years, and they are willing to put it all on the line for this one state contract. They think this is going to make us or break us. We can, if we fulfill this contract and we get paid and everything's great, fantastic, wonderful. If it doesn't work out, we'll just declare bankruptcy and go away. And what happens then? The state is left holding the bag. All the problems are their problems now. They don't have a contractual partner to deal with or get remedies from. The better bet would be to contract with someone, a company who's not willing to put their entire company on the line for one single contract with the state, but says it would be ridiculous for us to agree to unlimited liability. We're not going to do that. That's actually the saner approach to the contract. But the state sees a different risk valuation on those two things. But they should really think about what that really means, right? Because you're going to either get, sure, they agreed to unlimited liability, but when something bad happened, they're just going to run away, versus someone that's actually going to be there and have some solutions for you, but won't agree to essentially an illogical contractual term for them, that we're willing to pay whatever to whoever and agree to third party liability and all kinds of crazy things. And you see both sides of that. I can argue that from the state perspective of why we would never agree to third-party liability as a state. And I can argue from the supplier side is why I would never agree to unlimited liability in a state. And a good attorney needs to understand both of those perspectives and be able to find some middle ground.

Have Coffee With Your Attorney

Julia McIlroy

So, Megan, thank you so much for joining me today. I very much appreciate it.

Megan Smyth

Thank you. This was lovely, and I hope it was useful to someone out there and that they now maybe want to go have coffee with their attorney and ask them questions about SaaS agreements. And we're going to start a revolution here, Julia. A revolution.

Julia McIlroy

It always starts with coffee. Absolutely.

Megan Smyth

Yep. Have coffee with your attorney. That's what I always say. Attorneys like coffee. Uh, they'll be happy that you bought them coffee, and then you can ask them whatever you want. And we like to talk. So there's your there's your inn with your local council. Just take them out for coffee.

Julia McIlroy

And to our listeners, until next time, keep asking questions, improving processes, and moving procurement forward, and take your attorney out to coffee. And remember, we work in the sunshine. Bye for now.

Head Shot

Julia McIlroy

Host