Tech & Sourcing @ Morgan Lewis

The US Department of Labor (DOL) recently announced guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on cybersecurity best practices. The guidance focuses on three areas: (1) tips for hiring a service provider; (2) cybersecurity program best practices; and (3) online security tips. In this post, we will focus on the DOL’s tips for plan sponsors and plan fiduciaries in selecting a service provider.

When negotiating a digital health collaboration agreement between a tech company and a life sciences company, whether for the development of artificial intelligence or other software, the provision of data hosting and analysis services, or a more complex collaboration, the parties should consider the following.

The UK Prudential Regulation Authority (PRA) published a policy statement (PS7/21) and a supervisory statement (SS2/21) on clarifying and modernizing regulatory expectations of outsourcing and third-party risk management on March 29. The expectations in PS7/21 and SS2/21 are relevant to banks, PRA-designated investment firms, insurers, and branches of overseas banks and insurers and apply not just to “outsourcing” but also non-outsourcing material or high-risk service arrangements. The expectations apply at a legal entity level rather than at a group level (save for expectations on intragroup arrangements).

We recently noted that the UK Financial Conduct Authority (FCA) published the outcome of a review into the factors that determine failure or success when implementing technology change in the financial services sector and discussed the importance of this review for firms seeking to improve the operational resiliency of their technology change management process.

Please join us for a webinar discussing important commercial terms and regulatory principles that apply when taking healthcare-related companies digital. We will discuss business culture and regulatory differences, governance and compliance, challenges when marketing in the healthcare space, and more.

The UK Financial Conduct Authority (FCA) has published its findings on an extensive review into the factors which determine failure or success when implementing technology change in the financial services sector.

In a March 2020 LawFlash, we highlighted that restrictions on service delivery locations and remote work could become key issues during the pandemic. Remote work was one of our five key issues in outsourcing and managed services in a follow-up article in June 2020. Our experience has since proven both articles to be correct. This Contract Corner will review the specific provisions that need to be reviewed based on continued remote work arrangements.

The US Department of Justice (DOJ) announced on January 13 that it had completed its review of a proposed joint patent licensing pool known as the University Technology Licensing Program (UTLP) of 15 participating universities. The DOJ concluded that the UTLP was unlikely to harm competition and would benefit licensees and the public to the extent that the UTLP would make it easier to commercialize inventions that may be currently unlicensed or underutilized.

Cybersecurity has earned its place at the top of organizations’ risk concerns during the COVID-19 pandemic. Remote working, an array of communication solutions and hardware being used by organizations, and the accelerated leveraging of cloud-based outsourcing solutions have increased the chain of potential vulnerabilities to cyberattacks.

The inclusion of acceptance requirements, including acceptance criteria for key activities and deliverables, within a service agreement can provide a blueprint for a service engagement’s success, and should not be overlooked during the contract drafting process. In this post, we’ll discuss at a high level some of the items a contract drafter should consider when drafting acceptance requirements.