Interested in training for your team? Click here to learn more

Lessons From the CrowdStrike Outage: Reviewing and Strengthening IT Service Level Agreements and Contract Remedies

Preserving Right to Seek Indirect, Consequential, and Special Damages in IT Service Agreements

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, October 8, 2024

Recorded event now available

or call 1-800-926-7926

This CLE webinar will offer strategies and best practices counsel can apply in negotiating and structuring agreements with IT service providers in the wake of the CrowdStrike incident. The panel will discuss the key contractual provisions and mechanisms to include in these agreements.

Description

On July 19, 2024, organizations throughout the world experienced serious disruptions to their operations when businesses and individuals were unable to log onto devices and accounts for prolonged periods. The technology outage was traced back to a security update pushed out by CrowdStrike, a cybersecurity company, that caused the Microsoft Windows operating system to crash.

Business losses tied to the outage are anticipated to include disrupted operations, loss of revenue, loss of business opportunities, recovery costs, legal fees, and loss of customer and investor confidence, among others. All of these can lead to contractual and indemnity issues, and many organizations are examining the possibility of contractual recourse for the CrowdStrike incident.

The IT industry commonly limits or excludes liability for indirect, consequential, and special damages in agreements. And many IT contracts also do not allow third parties to benefit from any protections between the service provider and customer. CrowdStrike's terms and conditions contained these traditional exclusions, as well as other caps on liability. As a result, many anticipate that CrowdStrike's terms and conditions will largely protect it against damages claims brought in litigation.

In response, and to mitigate or avoid the serious impacts of service disruptions like the CrowdStrike outage in the future, counsel should review and strengthen service level agreements and contractual remedies to protect clients against devastating losses tied to future IT outages.

Listen as our panel of experts discusses the implications of the CrowdStrike outage for tech-reliant businesses and provides critical insight into the contractual mechanisms that can be used to protect clients against the impacts of future IT outages and failures.

READ MORE

Outline

  1. CrowdStrike incident overview
  2. Standard contract provisions in the IT industry
    1. Limitations of liability
    2. Exclusion of benefits to third parties
  3. Software litigation stemming from the CrowdStrike incident
    1. Case theories
    2. Anticipated outcomes
  4. Key SLA/contractual provisions
    1. Liability caps
    2. Remedies and compensation for service failures
    3. Force majeure and exclusions
    4. Ability to work around technology failures to ensure continuity of critical processes
    5. Acceptance testing and avoiding "deemed acceptance" clauses
    6. Indemnity
    7. Incident response and resolution tailored to customer's business and processes
    8. Disaster recovery plan requirement for IT service providers
  5. Business continuity plan requirement for IT service providers
    1. Termination rights and exit assistance

Benefits

The panel will discuss these and other key issues:

  • What complex legal and business issues should counsel consider when negotiating software agreements in the aftermath of the CrowdStrike outage?
  • How can counsel structure agreements with IT service providers to maximize protections to clients in the event of technology outages?
  • What are the critical provisions and requirements that should be included in agreements with IT service providers?

Faculty

Kennedy, Ashley
Ashley Kennedy
Attorney
Foley & Lardner

Ms. Kennedy is a Technology, Transactions, Cybersecurity & Privacy Practice Group member within the firm’s...  |  Read More

Overly, Michael
Michael R. Overly
Partner
Foley & Lardner

Mr. Overly focuses his practice on drafting and negotiating technology related agreements, software licenses, hardware...  |  Read More

Tantleff, Aaron K.
Aaron K. Tantleff
Partner
Foley & Lardner

Mr. Tantleff focuses on providing legal and strategic guidance regarding information technology, outsourcing,...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video