Contract production within a company is highly variable for a number of reasons, both endogenous and exogenous, and is non-standard almost by definition. This means that analogous concepts are expressed in many different ways, at least as many as the contracts produced. This happens especially in inter-company or B2B relationships.

The absence of standards is a consequence of the fact that each relationship must be addressed individually, and this is the main endogenous reason. The exogenous reasons derive instead from the contribution of third parties such as law firms, counterparties or consultants in drafting the clauses and details of the contract.

The result is a non-homogeneous set of clauses drafted with very high variability even though they serve the same functional purposes; the same clause, for example, inserted in different contracts, will easily be located in different sections and will contain different text while expressing the same concept. This situation, besides failing to normalize the language, complicates the exercise of contract review, a good practice to be carried out at least a couple of times a year.

Given these premises there would seem to be no way out but, thanks to the #clm (Contract Lifecycle Management) methodology, the problem can be overcome.
CLM considers contracts not as “documents” but as “collections” of functional purposes (articles or clauses) identified very precisely. The semantics of CLM do not conflict with the reality of the facts. This concept is fundamental to introducing the practice of #standardization of #contracts, which consists of a process of optimizing the management of contractual content along two paths:

  • By method: with the adoption of framework agreements (#msa) and standard contracts, i.e. contract templates defined by the legal department for each precisely identified situation. Adopting an MSA leaves the most variable parts of the relationship outside the scope of the agreement itself, thereby standardizing by definition the situations and consequently a large part of the content.
  • By content: with the normalization of clauses by identity and content, passing through the precise identification of the content and the consequent “normalization” of the language used to express it within the contracts produced.

The combination of both approaches leads to complete control over the contractual content produced and managed.

Companies and organizations are experiencing the first stage of a new digital support: GDPR management tools. We analyzed some of them.

As in all previous cases of new business compliance processes, there is today a growing number of tools on the market addressing the all-new European privacy law, the General Data Protection Regulation, which came into force on May 25, 2018. Our main conclusion: these privacy tools have design limitations.

The problem

In some cases the approach of the solution is technological (systems designed as if they were independent or static in nature), while in other cases it is functional, and therefore technical in compliance matters, yet still specific.

We classify both approaches as mainly marketing-oriented; not to criticize the quality of these tools as such, but the fact that the solutions are primarily commercial opportunities driven by the momentum of a sudden demand, in a market that is not yet well versed in the subject. This practice does indeed raise issues.

Talking with GDPR experts, it emerges that some entrepreneurs and executives have adopted a view that limits GDPR compliance to bureaucratic document management or, even worse, treats it as a one-shot operation that requires no maintenance. All this despite the many repeated warnings and the risk of incurring huge administrative fines.

Moreover, we have been told in confidence that companies apparently prefer real-world business processes that do not match the “official processes” they present, and carry on with their usual ones. The bottom line: the risk and the purpose of the compliance audit are dispelled even though time and money are spent, and at a high risk cost at the same time.

Back to the past

We note a remarkable parallel with the 1990s, when ISO quality certification was fashionable. It was not uncommon to find entrepreneurs opportunistically chasing a series of certificates, without any serious intention of changing their company culture.

We worked with quite a few of them at that time and, unfortunately but not by chance, none of them brightened their future through such choices. (None of them exist on the market anymore, but this is just a personal account.)

Three decades later, quality at large finally seems widespread in many business environments, and process mapping and re-engineering are nothing new anymore. The resulting benefits are acknowledged as part of our business culture.

An innovative approach: an opportunity

Underestimating the interventions required to meet the GDPR, or not taking advantage of all the actions needed during this process, may lead companies to choose the wrong tools, which require serious compliance efforts. Often this road also makes it impossible to connect with other fundamental areas of competence such as Legal and Operations. Given all of the above, we raise a crucial question:

Why should companies and organizations map their processes only for GDPR purposes? Why do GDPR tools not start from managed processes?

Exchange standards are available, such as IDEFx, FFBD or BPMN 2.0 for modeling, or universal standards such as XML or JSON, just to give some examples. So how common is the adoption of process mapping tools?

This lack of integration of best practices and previous investments leads to costly attrition.

Contract Management tools and CLM (Contract Lifecycle Management) practices offer the opportunity to integrate managed processes from the very beginning of the data stream: the contracts. Article 28 of GDPR provides some guidelines that we develop in this paper.

Contracts and GDPR

Organizations can quite easily identify the source of sensitive data in their contracts, either because contracts de facto represent the data collecting events (B2C and B2B) or because data treatment or manipulation is the subject of the contracts themselves (B2B). The latter is the case of third parties involved in data manipulation or data treatment, the so-called “processors” of Article 28 of the GDPR. Relationships with these parties are regulated by contracts.

Article 28

EU general data protection regulation 2016/679 (GDPR), in effect since 25 May 2018, states in Article 28 that

“…the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.” 

Wording in bold characters in the above quoted text is not our personal typographic choice. The impact of this article has not been overviewed by Brussels yet, but the concept is crystal clear: the processor’s responsibility goes beyond its own organization; it extends to the whole business network it relies on. This also affects foreign companies and organizations that treat EU citizens’ data.

When dealing with sensitive data, the governance of relations with processors by contracts is no longer a matter of common sense or best practice but an obligation, as dictated by Article 28, paragraph 3:

“Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller […]”

From a practical point of view, organizations should develop governance procedures for managing the sensitive data chain and all relations with processors assuring their compliance. This is where CLM can help.

How can CLM help?

CLM’s basic principle is taking full control of the contract lifecycle and all contract related aspects impacting organizational issues. This means that by using CLM practices companies have the ability to control and manage direct relations between business processes and contracts, considering the latter as sources.

It is a fact that Legal Audit is a fast and precise operation when CLM tools are adopted. The same cannot be said about traditional or manual legal management: at one of our customers the Legal Audit process was reduced, after adopting CLM, from 2 or 3 days to 30 minutes.

All the above can be translated into the following general actions:

  1. Identifying specific contracts and contract categories that represent sources of sensitive data.
  2. Identifying IT and service contracts with third parties and contractors related to step 1.
  3. Collecting the contracts from step 2 for auditing the GDPR-required guarantees and the compliance of the involved parties for the whole data stream.
  4. Integrating CLM with Business Process Management and its link to the GDPR process management: data treatment audit items should be identified with their legal sources in order to guarantee their management and enhance all following process maintenance.
  5. Evaluating the opportunity of sharing the same tools as common language between controller and processor.
  6. Managing GDPR processes (audit and maintenance) using the legal perspective as a starting point.

Conclusions

Organizations need support regarding EU sensitive data manipulation compliance; complex activities must be managed involving IT and service contracts review. Contract Lifecycle Management tools help organizations in the tedious task of identifying and collecting their processors for a correct GDPR risk management.


This article is also available in LinkedIn, in pdf format, here.

Companies and organizations are experiencing the first stage of a new digital support: GDPR management tools. We analyzed some of them.

As in all previous cases of new business compliance processes, there is today a growing number of tools on the market addressing the all-new European privacy law, the General Data Protection Regulation, which came into force on May 25, 2018. Our main conclusion: these privacy tools have design limitations.

The problem

In some cases the approach of the solution is technological (systems designed as if they were independent or static in nature), while in other cases it is functional, and therefore technical in compliance matters, yet still specific.

We classify both approaches as mainly marketing-oriented; not in order to criticize the quality of these tools as such, but the fact that the solutions are primarily momentum-driven commercial opportunities for a sudden demand, whose market is still not well versed in the subject. This practice does indeed raise issues.

Talking with GDPR experts, it emerges that some entrepreneurs and executives have taken a view that limits GDPR compliance to bureaucratic document management or, even worse, seem to treat it as a one-shot, maintenance-free operation. All this despite the many repeated warnings and the risk of running into huge administrative fines.

Moreover, we have been told in confidence that companies apparently prefer real-world business processes that do not match the ‘official processes’ they present, and carry on with their usual ones. The bottom line: the risk and the purpose of the compliance audit are dispelled although time and money are expended, and at a high risk cost at the same time.

Back to the past

We note a remarkable parallel to the 90’s when ISO quality certification was fashionable. It was not uncommon to find entrepreneurs chasing contingently after a series of certificates, however without any serious intention to change their company culture.

We worked with quite a few of them at that time and, unfortunately but not by chance, none of them had brightened their future after such choices. (None of them exist anymore in the market, but this is just a personal account.)

Three decades later quality at large -finally- seems widespread in many business environments, and process mapping & re-engineering is nothing new anymore. The resulting benefits are acknowledged as part of our business culture.

An innovative approach – a golden opportunity

Underestimating the interventions required to meet the GDPR, or not taking advantage of all the actions needed during this process, may lead companies to choose the wrong tools, which require serious compliance efforts. Often this road also makes it impossible to connect with other fundamental areas of competence such as Legal and Operations. Given all of the above, we raise a crucial question:

Why should companies and organizations re-map their processes only for GDPR purposes? Why do GDPR tools not start from managed processes?

Exchange standards are available, such as IDEFx, FFBD or BPMN 2.0 for modeling, or universal standards like XML or JSON, just to provide some examples. So how common, actually, is the adoption of process mapping tools?

This lack of integration of best practices and previous investments leads to costly attrition.

A small exercise

All important things evolve. Contract Lifecycle Management should be no exception. Nonetheless it happens to be one of the most undervalued matters by management in companies of all sizes.

If the question is: “do you realize that contracts are actually the backbone of your business?” we imagine that your answer is -“yes, of course!”; then why don’t you treat them with the necessary importance and relevance!?

IT-Legal solutions such as Nova CLM not only help you manage long-term and short-term activities in your Contract Lifecycle Management (CLM) but also help you leverage the huge value that is inside every detail of your contracts. This is done in a simple, secure and customized way in the Cloud.

What is your Contracts Geological Period?

Just for fun, but not only, please check in which “Geological Period” of CLM your company is now and contact me for a quote. Jump with our “time machine” into the latest and simplest way of doing it right.


The cuneiform alphabet is 5000 years old and was adopted by the Akkadians, Babylonians, Sumerians and Assyrians to write their own languages in Mesopotamia for about 3000 years. In the next five centuries we’ll share with the Mesopotamian Civilizations the longevity of adoption of an alphabet, Cuneiform for the former and the Phoenician-Greek-Latin alphabet for us. Parallels are not limited to the need of written heritage and a standard means of communication: the paramount use of alphabets is production of legal codes and contracts for the commercial transactions.

The need to transfer words onto a standard medium and preserve them from deterioration over time led Mesopotamian cultures to adopt clay: clay tablets were the primary medium for everyday written communication and were used extensively in schools and courts. Tablets were routinely recycled, and only if permanence was called for could they be baked hard in a kiln (as a certificate), similarly to the modern use of paper. An interesting example is available at the Metropolitan Museum of Art: a Babylonian house rental contract dating to 522-486 BC, see http://metmuseum.org/collection/the-collection-online/search/321709

A thousand year old tradition of printing Britain’s laws on vellum has recently been scrapped to save £80,000 yearly (http://www.bbc.com/news/magazine-35569281). Vellum is derived from the Latin word “vitulinum” meaning “made from calf”. As an example of its features consider that original copies of the Magna Carta, signed more than 800 years ago on vellum, still exist.

The need for long-term preservation of codes has changed, as demonstrated by the British Government, and in today’s Information Technology Era codes and contracts need to upgrade from mere physical preservation towards central repositories of legal content and, more importantly, to solutions allowing both the sharing of content and a leap into the “next step”: machine-readable codes and contracts.

The Internet of Things and the development of Smart Cities involve new needs: the need for decision automation based on service levels defined in contracts as well as the need for legal compliance. I find that the only way of achieving these results both in Smart Cities and in modern Organizations (with global products and IoT) is by adopting Contract Lifecycle Management practices assisted by specialized tools with open standards and protocols such as OpenData or LegalXML and eContracts. In addition to that, the maturity level reached by electronic signatures allows a secure departure from paper-based contracts, although paper is still largely adopted.

In conclusion, the persistence of paper-based contracts in a fast-growing global market characterized by complex legal compliance and the use of electronic means for enhancing business is comparable to writing modern contracts in cuneiform on clay. CLM is the answer: central repository, open standards, multi-juridical and multi-cultural contract management at its best.



The reason why I’ll never change my Samsung Note smartphone for any other device is its on-device handwriting capabilities: I take notes anywhere by hand in a fast, organized and natural way; my notes, my way, onto “digital paper”. Yet I don’t consider myself a benchmark since I’m kind of a “geek” and gadget-loving type: I’ve already been keeping that smartphone stuck to my person for three years, kind of a Star Trek Next Generation pad!

What I notice here is that human-paper interaction is still the best and most natural, no matter the progress. I personally classify devices for digital conversion of human writing into two families: replicators and gateways. Replicators try to replace pen and paper with pointers and devices (such as my Samsung Note) while gateways focus on converting human writing into digital, such as Moleskine’s Smart Writing Set.

Perhaps the key to success in this domain will lie in writing gateways such as Moleskine’s set because, although some of us are already used to writing on digital devices directly, there’s no better experience than writing your thoughts on paper… with no distraction, without obstacles.

Put your ideas into (digital) paper!